Risks and Compliance with the EU's Core Cyber Security Legislation
- URL: http://arxiv.org/abs/2508.21386v1
- Date: Fri, 29 Aug 2025 08:02:57 GMT
- Title: Risks and Compliance with the EU's Core Cyber Security Legislation
- Authors: Jukka Ruohonen, Jesper Løffler Nielsen, Jakub Skórczynski,
- Abstract summary: The paper investigates how risks are framed in the EU's five core cyber security legislative acts. Technical aspects and assets are used to frame the legal risk notions in many of the legislative acts. A threat-centric viewpoint is also present in one of the acts.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The European Union (EU) has long favored a risk-based approach to regulation. Such an approach is also used in recent cyber security legislation enacted in the EU. Risks are also inherently related to compliance with the new legislation. Objective: The paper investigates how risks are framed in the EU's five core cyber security legislative acts, whether the framings indicate convergence or divergence between the acts and their risk concepts, and what qualifying words and terms are used when describing the legal notions of risks. Method: The paper's methodology is based on qualitative legal interpretation and taxonomy-building. Results: The five acts have an encompassing coverage of different cyber security risks, including but not limited to risks related to technical, organizational, and human security as well as those not originating from man-made actions. Both technical aspects and assets are used to frame the legal risk notions in many of the legislative acts. A threat-centric viewpoint is also present in one of the acts. Notable gaps are related to acceptable risks, non-probabilistic risks, and residual risks. Conclusion: The EU's new cyber security legislation has significantly extended the risk-based approach to regulations. At the same time, complexity and compliance burden have increased. With this point in mind, the paper concludes with a few practical takeaways about means to deal with compliance and to research it.
Related papers
- Constrained Language Model Policy Optimization via Risk-aware Stepwise Alignment [49.2305683068875]
  We propose Risk-aware Stepwise Alignment (RSA), a novel alignment method that incorporates risk awareness into the policy optimization process. RSA mitigates risks induced by excessive model shift away from a reference policy, and it explicitly suppresses low-probability yet high-impact harmful behaviors. Experimental results demonstrate that our method achieves high levels of helpfulness while ensuring strong safety.
  arXiv Detail & Related papers (2025-12-30T14:38:02Z)
- Safety Compliance: Rethinking LLM Safety Reasoning through the Lens of Compliance [49.50518009960314]
  Existing safety methods rely on ad-hoc taxonomy and lack a rigorous, systematic protection. We develop a new benchmark for safety compliance by generating realistic LLM safety scenarios seeded with legal statutes. Our experiments demonstrate that the Compliance Reasoner achieves superior performance on the new benchmark.
  arXiv Detail & Related papers (2025-09-26T12:11:29Z)
- An Overview of the Risk-based Model of AI Governance [0.0]
  The 'Analysis' section proposes several criticisms of the risk based approach to AI governance. It argues that the notion of risk is problematic as its inherent normativity reproduces dominant and harmful narratives about whose interests matter. This paper concludes with the suggestion that existing risk governance scholarship can provide valuable insights toward the improvement of the risk based AI governance.
  arXiv Detail & Related papers (2025-07-21T06:56:04Z)
- Context Reasoner: Incentivizing Reasoning Capability for Contextualized Privacy and Safety Compliance via Reinforcement Learning [53.92712851223158]
  We formulate safety and privacy issues into contextualized compliance problems following the Contextual Integrity (CI) theory. Under the CI framework, we align our model with three critical regulatory standards: EU AI Act, and HIPAA. We employ reinforcement learning (RL) with a rule-based reward to incentivize contextual reasoning capabilities while enhancing compliance with safety and privacy norms.
  arXiv Detail & Related papers (2025-05-20T16:40:09Z)
- On Algorithmic Fairness and the EU Regulations [0.2538209532048867]
  The paper focuses on algorithmic fairness focusing on non-discrimination in the European Union (EU). The paper demonstrates that correcting discriminatory biases in AI systems can be legally done under the EU regulations. The paper contributes to the algorithmic fairness research with a few legal insights, enlarging and strengthening the growing research domain of compliance in AI engineering.
  arXiv Detail & Related papers (2024-11-13T06:23:54Z)
- AI Risk Categorization Decoded (AIR 2024): From Government Regulations to Corporate Policies [88.32153122712478]
  We identify 314 unique risk categories organized into a four-tiered taxonomy. At the highest level, this taxonomy encompasses System & Operational Risks, Content Safety Risks, Societal Risks, and Legal & Rights Risks. We aim to advance AI safety through information sharing across sectors and the promotion of best practices in risk mitigation for generative AI models and systems.
  arXiv Detail & Related papers (2024-06-25T18:13:05Z)
- AI Risk Management Should Incorporate Both Safety and Security [185.68738503122114]
  We argue that stakeholders in AI risk management should be aware of the nuances, synergies, and interplay between safety and security. We introduce a unified reference framework to clarify the differences and interplay between AI safety and AI security.
  arXiv Detail & Related papers (2024-05-29T21:00:47Z)
- Risks of AI Scientists: Prioritizing Safeguarding Over Autonomy [65.77763092833348]
  This perspective examines vulnerabilities in AI scientists, shedding light on potential risks associated with their misuse. We take into account user intent, the specific scientific domain, and their potential impact on the external environment. We propose a triadic framework involving human regulation, agent alignment, and an understanding of environmental feedback.
  arXiv Detail & Related papers (2024-02-06T18:54:07Z)
- The risks of risk-based AI regulation: taking liability seriously [46.90451304069951]
  The development and regulation of AI seems to have reached a critical stage. Some experts are calling for a moratorium on the training of AI systems more powerful than GPT-4. This paper analyses the most advanced legal proposal, the European Union's AI Act.
  arXiv Detail & Related papers (2023-11-03T12:51:37Z)
- RiskQ: Risk-sensitive Multi-Agent Reinforcement Learning Value Factorization [49.26510528455664]
  We introduce the Risk-sensitive Individual-Global-Max (RIGM) principle as a generalization of the Individual-Global-Max (IGM) and Distributional IGM (DIGM) principles. We show that RiskQ can obtain promising performance through extensive experiments.
  arXiv Detail & Related papers (2023-11-03T07:18:36Z)
- Acceptable risks in Europe's proposed AI Act: Reasonableness and other principles for deciding how much risk management is enough [0.0]
  The Act aims to promote "trustworthy" AI with a proportionate regulatory burden. Its provisions on risk acceptability require residual risks from high-risk systems to be reduced or eliminated "as far as possible". This paper argues that the Parliament's approach is more workable, and better balances the goals of proportionality and trustworthiness.
  arXiv Detail & Related papers (2023-07-26T09:21:58Z)
- Normative Challenges of Risk Regulation of Artificial Intelligence and Automated Decision-Making [0.0]
  Recent proposals aim at regulating artificial intelligence (AI) and automated decision-making (ADM). The most salient example is the Artificial Intelligence Act (AIA) proposed by the European Commission. This article addresses challenges for adequate risk regulation that arise primarily from the specific type of risks involved.
  arXiv Detail & Related papers (2022-11-11T13:57:38Z)