nach oben

Erschienen in:

2024 | OriginalPaper | Buchkapitel

Developing with Compliance in Mind: Addressing Data Protection Law, Cybersecurity Regulation, and AI Regulation During Software Development

verfasst von : Bjørn Aslak Juliussen, Jon Petter Rui, Dag Johansen

Erschienen in: Privacy and Identity Management. Sharing in a Digital World

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

This paper explores the concept of complying with relevant legal requirements when developing software systems. Specifically, it focuses on data protection law, cybersecurity regulation, and Artificial Intelligence (AI) regulation requirements in the software system development processes. The paper analyses the impact of three key regulatory frameworks in the European Union: the General Data Protection Regulation (GDPR), the Network and Information Security (NIS) 2 Directive, and the proposed Artificial Intelligence Act (AIA). The article examines the interplay and potential conflicts between different requirements in these rule sets. Towards the end of the paper, some suggestions are made for achieving alignment with these regulations in software systems, enabling concurrent compliance with the GDPR, the NIS 2 Directive, and the AIA, in situations where all the regulations enter into effect simultaneously.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel User Interaction Data in Apps: Comparing Policy Claims to Implementations

Nächstes Kapitel Digital Security Controversy Analysis: A Case Study of the Debate over GCHQ Exceptional Access Proposal

Chung, L., Nixon, B.A., Yu, E., Mylopoulos, J.: Non-Functional Requirements in Software Engineering. Springer, New York (2012). https://doi.org/10.1007/978-1-4615-5269-7CrossRef

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L 119/1

Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending regulation (EU) NO 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) [2022] OJ L 333/80. See NIS 2 Article 41(1) for the date of entry into force of the directive

Proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain union legislative acts COM/2022/206 final. Recital 51

European Commission, Regulatory Framework Proposal on Artificial Intelligence. https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai. Accessed 22 Nov 2023

Nweke, L.O., Wolthusen, S.: Legal issues related to cyber threat information sharing among private entities for critical infrastructure protection. In: 2020 12th International Conference on Cyber Conflict (CyCon), vol. 1300. IEEE (2020). https://doi.org/10.23919/CyCon49761.2020.9131721

Borden, R., et al.: Threat information sharing under GDPR. https://www.americanbar.org/groups/science_technology/publications/scitech_lawyer/2019/spring/threat-information-sharing-under-gdpr/. Accessed 22 Nov 2023

Case C-154/21 Österreichische Post ECLI:EU:C:2023:3 (Grand Chamber)

Markopoulou, D., et al.: The new EU cybersecurity framework: the NIS Directive, ENISA’s role and the General Data Protection Regulation. Comput. Law Secur. Rev. 35(6), 105336 (2019). https://doi.org/10.1016/j.clsr.2019.06.007CrossRef

10.

Sarker, I.H., et al.: AI-driven cybersecurity: an overview, security intelligence modeling and research directions. SN Comput. Sci. 2, 173 (2021). https://doi.org/10.1007/s42979-021-00557-0CrossRef

11.

Horák, M., et al.: GDPR compliance in cybersecurity software: a case study of DPIA in information sharing platform. In: Proceedings of the 14th International Conference on Availability, Reliability and Security (2019). https://doi.org/10.1145/3339252.3340516

12.

Perera, H., et al.: Towards integrating human values into software: mapping principles and rights of GDPR to values. In: 2019 IEEE 27th International Requirements Engineering Conference (RE). IEEE (2019). https://doi.org/10.1109/RE.2019.00053

13.

Aberkane, A.-J., Poels, G., Broucke, S.V.: Exploring automated GDPR-compliance in requirements engineering: a systematic mapping study. IEEE Access 9, 66542–66559 (2021). https://doi.org/10.1109/ACCESS.2021.3076921CrossRef

14.

Conger, S., Landry, B.J.L.: The intersection of privacy and security (2009). All Sprouts Content. 243

15.

Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending regulation (EU) 2018/1724 (Data Governance Act) [2022] OJ L 152/1

16.

Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act) OJ L 265/1

17.

Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act) [2022] OJ L 277/1

18.

Datatilsynet, Vedtak om pålegg-PostNord AS, 20/02144-16. Information Commissioner’s Office (ICO), Security requirements. Danish Data Protection Authority, passende tekniske og organisatoriske foranstaltninger

19.

Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (2003/361/EC) [2003] OJ L 124/36

20.

Iskhakov, A.Y., Khazanova, Y.Y., Mamchenko, M.V., Meshcheryakov, R.V., Iskhakova, A.O., Khripunov, S.P.: Adaptive authentication system based on unsupervised learning for web-oriented platforms. In: Shakya, S., Papakostas, G., Kamel, K.A. (eds.) ICMCSI 2023. LNDECT, vol. 166, pp. 507–522. Springer, Singapore (2023). https://doi.org/10.1007/978-981-99-0835-6_36CrossRef

21.

Valkenburg, G.: Privacy versus security: problems and possibilities for the trade-off model. In: Gutwirth, S., Leenes, R., de Hert, P. (eds.) Reforming European Data Protection Law, vol. 20, pp. 253–269. Springer, Dordrecht (2015). https://doi.org/10.1007/978-94-017-9385-8_10CrossRef

22.

EFTA, Directive (EU) 2022/2555. https://www.efta.int/eea-lex/32022L2555. Accessed 22 Nov 2023

23.

ISO, ISO/IEC 27001 and related standards. https://www.iso.org/isoiec-27001-information-security.html. Accessed 22 Nov 2023

24.

van Dijk, N., Gellert, R., Rommetveit, K.: A risk to a right? Beyond data protection risk assessments. Comput. Law Secur. Rev. 32(2), 286–306 (2016). https://doi.org/10.1016/j.clsr.2015.12.017CrossRef

25.

European Council, Digital Single Market. https://www.consilium.europa.eu/en/policies/digital-single-market/. Accessed 24 Nov 2023

Titel: Developing with Compliance in Mind: Addressing Data Protection Law, Cybersecurity Regulation, and AI Regulation During Software Development
verfasst von: Bjørn Aslak Juliussen
Jon Petter Rui
Dag Johansen
Verlag: Springer Nature Switzerland
Buch: Privacy and Identity Management. Sharing in a Digital World
Print ISBN: 978-3-031-57977-6

Electronic ISBN: 978-3-031-57978-3

Copyright-Jahr: 2024
DOI: https://doi.org/10.1007/978-3-031-57978-3_6

Premium Partner

Bildnachweise

Rittal/© Rittal, NTT Data/© NTT Data, Wildix/© Wildix, Ceyoniq Technology GmbH/© Ceyoniq Technology GmbH, arvato Systems GmbH/© arvato Systems GmbH, Ninox Software GmbH/© Ninox Software GmbH, Everyday Software S.L./© Everyday Software S.L., Redgate/© Redgate, CELONIS Labs GmbH, DC-Datacenter-Group GmbH/© DC-Datacenter-Group GmbH, all for one/© all for one, G Data CyberDefense/© G Data CyberDefense, FAST LTA/© FAST LTA, Vendosoft/© Vendosoft, Kumavision/© Kumavision, Noriis Network AG/© Noriis Network AG, WSW Software GmbH/© WSW Software GmbH

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"