Author: Koen Vranckaert / KUL
On 11th August 2025, KUL presented a lecture on current developments in EU Cybersecurity and law requirements requiring “security by design” at the Law Faculty of Anadolu University in Eskisehir, Türkiye.
During said presentation, Koen Vranckaert (KUL) provided an outline of how the value of “security by design”, first expressed in the Cybersecurity Act 2019/881, is now finding increased expression in hard law, not only through the NIS 2 Directive, but also through the Artificial Intelligence Act and Cyber Resilience Act.
Focusing on the common threads between the abovementioned laws, the webinar shows that the inclusion of security requirements into product safety law creates new mechanisms and new risks, some of which are easy to fit into a new framework, but some, including the focus on fundamental rights, make the use of standardization difficult. Moreover, the requirements of the CRA to include certification for products create real concerns for the development of open-source tools. However, as the AI Act and the Cyber Resilience Act are upcoming law, those concerns will depend mostly on the implementation of these rules in practice by the Member States. Thus, the final proof of the pudding is in the eating.
The lecture is available on YouTube.