CSE Colloquium – The EU’s Cybersecurity Framework: what it is, what it means

Presenter: Chris Jay Hoofnagle, Frederik Zuiderveen Borgesius, Lothar Determann, Pieter T.J. Wolters

Abstract:

The European Union has enacted a comprehensive cybersecurity framework (the “Framework”) that imposes far-reaching obligations on developers of standalone software and connected products. This Article describes the European legislative approach before turning to a description of the Framework. Anchored by the Cyber Resilience Act and the Cybersecurity Act, and reinforced by a constellation of sector-specific measures, the Framework effectively creates a California-like-products-liability regime for software. It mandates extensive security-by-design obligations, imposes stringent conformity assessment and incident-reporting duties, and shifts substantial compliance burdens onto manufacturers, importers, and distributors. It even treats emotional wrongs caused by software as injurious. The Framework will take full effect in December 2027, meaning that companies must integrate its requirements into their current product cycles.

Bio: Chris Hoofnagle is professor of law in residence at the University of California, Berkeley, where he teaches tort law and cybersecurity.

Hosted by: Professor Alvaro Cardenas

Location: Engineering 2, Room E2-180 (Refreshments such as fruit, pastries, coffee, and tea will be provided.)

Zoom Option: https://ucsc.zoom.us/j/93445911992?pwd=YkJ2TQtF79h0PcNXbEcpZLbpK0coiY.1&jst=3