This White Paper explores the legal dimensions of the European Union (EU)’s value-driven cybersecurity by investigating the notions of ‘value-driven’ and ‘cybersecurity’ from the perspective of EU law. It starts with a general overview of legal issues in current value-driven cybersecurity debates (Chapter 2), showing how values embedded within the framework of EU governing treaties have evolved during the integration process, and the important role they play in the cybersecurity regulation at EU level.
Chapter 3 of the White Paper is devoted to the main critical challenges in this area: 1) the varied and sometimes unclear uses of the term ‘cybersecurity’, 2) the roles of stakeholders and the cooperation between them, and the 3) securitization of EU values and interests through cybersecurity rules. Chapter 4 points out and describes specific controversies concerning cybersecurity regulation in the EU.
Ten disputed issues are given particular attention: 1) the functioning of human rights as drivers for EU regulation, 2) the regulation of risks to society through individual risk identification and proactive action, 3) the attribution of roles to different stakeholders, 4) how individuals are being awarded with more rights, 5) controllership of data, 6) copyright protection, 7) regulation of online content, 8) the use of encryption, 9) permissibility of massive and generalised surveillance of individuals and 10) counterterrorism measures.
Chapter 5 summarises the main findings of the literature review. The White Paper recognises that legislative and policy measures within the cybersecurity domain challenge EU fundamental rights and principles, stemming from EU values. The White Paper concludes that with the constantly growing number of EU measures governing the cybersecurity domain, the embedment of EU values enshrined in the EU Charter within these measures take place both on an ex ante and an ex post basis.