Hall 9, 26/06/2018 (13.30-15.30)
In September 2017, the European Commission and the European External Action Service published the Joint Communication on “Resilience, Deterrence and Defence: Building strong cybersecurity for the EU” (JOIN/2017/0450 final). In the Communication, the Commission announced its intention to launch a joint initiative with industry to define a “duty of care” principle for reducing product/software vulnerabilities and promoting “security by design”.
A “duty of care” as regards cybersecurity in services and products would be associated with a liability regime in which a vendor or service provider is legally responsible due to negligence or fault (as opposed to a strict liability regime, which entails liability without fault). The establishment of a “duty” presupposes an agreement on a cybersecurity “standard of care” or, in other words, a set of principles/requirements that all vendors and service providers would need to adhere to, including of course security by design but also patching, vulnerability disclosure policies, etc. As regards enforcement and uptake, both regulatory and co-regulatory options may be envisaged.
- Fenneke BUSKERMOLEN (European Commission, Cybersecurity & Digital Privacy Unit), Moderator
- Eireann LEVERETT (University of Cambridge, Centre For Risk Studies, United Kingdom), Standardisation and Certification in IoT
- Eric TJONG TJIN TAI (Tilburg University, Private Law, Netherlands), The legal framework
- Guillermo BELTRÀ (BEUC - The European Consumer Organisation, Belgium), Time for secure connected products in the IoT
- Sandra VAN DER WEIDE (Ministry of Economic Affairs and Climate Policy of the Netherlands), A joint roadmap to help increase digital hardware and software security: the Dutch approach
- Johannes NITSCHKE (Siemens, Government Affairs, Belgium), The Charter of Trust
- Tiemo WOELKEN (European Parliament, Germany), Speaker