A NIS2 pan-European registry for identifying and classifying essential and important entities
- URL: http://arxiv.org/abs/2508.19395v1
- Date: Tue, 26 Aug 2025 19:40:33 GMT
- Title: A NIS2 pan-European registry for identifying and classifying essential and important entities
- Authors: Fabian Aude Steen, Daniel Assani Shabani
- Abstract summary: The NIS2 Directive establishes a common cybersecurity governance model across the European Union. This thesis presents an analysis of the NIS2 Directive in this context and translates its provisions into concrete technical requirements. Using the Design Science Research methodology, the thesis transforms complex legal provisions into structured, deterministic classification algorithms.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The NIS2 Directive establishes a common cybersecurity governance model across the European Union, requiring member states to identify, classify, and supervise essential and important entities. As part of a broader governance network, member states are also obligated to notify the European Commission, the Cooperation Group, and ENISA about their cybersecurity infrastructure landscape. This thesis presents an analysis of the NIS2 Directive in this context and translates its provisions into concrete technical requirements. These requirements inform the design and implementation of a modular, legally grounded registry system intended to support competent authorities across the EU in meeting their obligations. Using the Design Science Research methodology, the thesis transforms complex legal provisions into structured workflows, deterministic classification algorithms, and interactive dashboards. The resulting system automates key regulatory processes, including entity registration, classification, and notification, while enabling context-aware supervision and reducing administrative burden. It supports both automated and manual registration methods and introduces a contextual labeling system to handle edge cases, risk factors, and cross-directive dependencies. Although developed for the Norwegian regulatory ecosystem, the system is designed for adaptation by other member states with minimal modification. This thesis contributes a reusable framework that bridges legal interpretation and technical implementation, offering a scalable solution for national and EU-level NIS2 cybersecurity governance. It also identifies key limitations and outlines opportunities for future research and development.
Related papers
- Self-Sovereign Identity and eIDAS 2.0: An Analysis of Control, Privacy, and Legal Implications [0.9940728137241215]
  We analyse the eIDAS 2.0 Regulation and its accompanying recitals, drawing on existing literature to identify legislative gaps and implementation challenges. We examine the European Digital Identity Architecture and Reference Framework (ARF), assessing its proposed guidelines and evaluating the extent to which its emerging implementations align with SSI principles.
  (2026-01-27T17:43:48Z)
- AI Deployment Authorisation: A Global Standard for Machine-Readable Governance of High-Risk Artificial Intelligence [0.0]
  This paper introduces the AI Deployment Authorisation Score (ADAS), a machine-readable regulatory framework that evaluates AI systems. ADAS produces a cryptographically verifiable deployment certificate that regulators, insurers, and infrastructure operators can consume as a license to operate.
  (2026-01-11T18:14:20Z)
- Gobernanza y trazabilidad "a prueba de AI Act" para casos de uso legales: un marco técnico-jurídico, métricas forenses y evidencias auditables [0.0]
  The framework integrates a normative mapping of the regulation to technical controls, a forensic architecture for RAG/LLM systems, and an evaluation system with metrics weighted by legal risk. We present rag-forense, an open-source implementation of the framework, accompanied by an experimental protocol to demonstrate compliance.
  (2025-10-12T07:32:55Z)
- Towards a Framework for Supporting the Ethical and Regulatory Certification of AI Systems [8.633165810707315]
  CERTAIN project aims to integrate regulatory compliance, ethical standards, and transparency into AI systems. We outline the methodological steps for building the core components of this framework. CERTAIN aims to advance regulatory compliance and to promote responsible AI innovation aligned with European standards.
  (2025-09-30T08:54:02Z)
- Safe and Certifiable AI Systems: Concepts, Challenges, and Lessons Learned [45.44933002008943]
  This white paper presents the TÜV AUSTRIA Trusted AI framework. It is an end-to-end audit catalog and methodology for assessing and certifying machine learning systems. Building on three pillars - Secure Software Development, Functional Requirements, and Ethics & Data Privacy - it translates the high-level obligations of the EU AI Act into specific, testable criteria.
  (2025-09-08T17:52:08Z)
- Towards Safety and Security Testing of Cyberphysical Power Systems by Shape Validation [42.350737545269105]
  complexity of cyberphysical power systems leads to larger attack surfaces to be exploited by malicious actors. We propose to meet those risks with a declarative approach to describe cyber power systems and automatically evaluate security and safety controls.
  (2025-06-14T12:07:44Z)
- Explainable AI Systems Must Be Contestable: Here's How to Make It Happen [2.5875936082584623]
  This paper presents the first rigorous formal definition of contestability in explainable AI. We introduce a modular framework of by-design and post-hoc mechanisms spanning human-centered interfaces, technical processes, and organizational architectures. Our work equips practitioners with the tools to embed genuine recourse and accountability into AI systems.
  (2025-06-02T13:32:05Z)
- Watermarking Without Standards Is Not AI Governance [46.71493672772134]
  We argue that current implementations risk serving as symbolic compliance rather than delivering effective oversight. We propose a three-layer framework encompassing technical standards, audit infrastructure, and enforcement mechanisms.
  (2025-05-27T18:10:04Z)
- Justified Evidence Collection for Argument-based AI Fairness Assurance [7.65321625950609]
  This paper introduces a systems-engineering-driven framework, supported by software tooling, to operationalise a dynamic approach to argument-based assurance in two stages. The framework's effectiveness is demonstrated through an illustrative case study in finance, with a focus on supporting fairness-related arguments.
  (2025-05-12T21:05:33Z)
- COMPL-AI Framework: A Technical Interpretation and LLM Benchmarking Suite for the EU Artificial Intelligence Act [40.233017376716305]
  The EU's Artificial Intelligence Act (AI Act) is a significant step towards responsible AI development. It lacks clear technical interpretation, making it difficult to assess models' compliance. This work presents COMPL-AI, a comprehensive framework consisting of the first technical interpretation of the Act.
  (2024-10-10T14:23:51Z)
- Knowledge-Augmented Reasoning for EUAIA Compliance and Adversarial Robustness of LLMs [1.368472250332885]
  The EU AI Act (EUAIA) introduces requirements for AI systems which intersect with the processes required to establish adversarial robustness. This paper presents a functional architecture that focuses on bridging the two properties. We aim to support developers and auditors with a reasoning layer based on knowledge augmentation.
  (2024-10-04T18:23:14Z)
- An Ontological Approach to Compliance Verification of the NIS 2 Directive [0.0]
  This paper introduces an approach that leverages techniques of semantic representation and reasoning, hence an ontological approach, towards the compliance check with the security measures that textual documents prescribe. The formalisation of entities and relations from the directive, and the consequent improved structuring with respect to sheer prose is dramatically helpful for any organisation through the hard task of compliance verification.
  (2023-06-30T09:10:54Z)
- An automated method for the ontological representation of security directives [0.0]
  The paper frames this problem in the context of recent European security directives. The complexity of their language is here thwarted by the extraction of the relevant information, namely of the parts of speech from each clause. The method is showcased on a practical problem, namely to derive an ontology representing the NIS 2 directive, which is the peak of cybersecurity prescripts at the European level.
  (2023-06-30T09:04:47Z)
- Bridging between LegalRuleML and TPTP for Automated Normative Reasoning (extended version) [77.34726150561087]
  LegalRuleML is an XML-based representation framework for modeling and exchanging normative rules. The TPTP input and output formats are general-purpose standards for the interaction with automated reasoning systems. We provide a bridge between the two communities by defining a logic-pluralistic normative reasoning language based on the TPTP format.
  (2022-09-12T08:42:34Z)
- Towards an Interface Description Template for AI-enabled Systems [77.34726150561087]
  Reuse is a common system architecture approach that seeks to instantiate a system architecture with existing components. There is currently no framework that guides the selection of necessary information to assess their portability to operate in a system different than the one for which the component was originally purposed. We present ongoing work on establishing an interface description template that captures the main information of an AI-enabled component.
  (2020-07-13T20:30:26Z)
This list is automatically generated from the titles and abstracts of the papers in this site.