Cybersecurity Law

23.2. Cybersecurity and Cyber-defence law - system and principles (POLČÁK)

One might sometimes get the impression that cyberlaw is a novel discipline. In fact, it is not. It has been around for more than three decades and many of its areas are already well established, including doctrine, case-law etc. Cybersecurity law, however, is a somewhat different story. It emerged almost instantly, mostly thanks to specific legislation that started appearing around the world not even ten years ago. Cyber-defence law is even younger, with black-letter law only developing and nearly no case-law, despite the fact that we now have plenty of case studies of actual cyber-defence incidents.

In this first module, we will look at the overall picture of cybersecurity and cyber-defence as a regulatory agenda. In particular, we will identify the main regulatory issues and challenges and see how they are systematically tackled in international, European and national laws. We will also talk about the fundamental institutional distinctions between security, law enforcement and defence. These fundamental elements will also serve as a basis for understanding the cultural differences that often make it difficult to establish functioning international cooperation in cybersecurity, as well as for identifying the similarities that, on the contrary, enable closer cooperation between certain nations.

In addition, we will briefly tackle the basic regulatory concepts that are used in cybersecurity laws, namely performance-based rules, smart rules and public-private partnerships, and discuss the quite unique dynamics of compliance and liability. For cyber-defence law, we will briefly discuss the so-called ‘paradox of big guns’ that makes law-making, including the drafting of international treaties, mostly challenging.

As the basic text for this module, we chose the following chapter from the upcoming Edward Elgar book ‘Data Governance in AI, FinTech and LegalTech’ edited by Joseph Lee. The chapter, as well as the whole book, is primarily about IT in financial services. However, the core of the chapter explains in general terms the above regulatory concepts, which do not work only in fintech but are of a universal nature. When reading the text, you can skip the parts that specifically refer to fintech and financial services.

Please note that the following text is an unpublished manuscript that is copyrighted by Edward Elgar. It can be used only for educational purposes in this course, and it is strictly prohibited to make copies of it, distribute it or even cite it.

https://is.muni.cz/el/law/jaro2022/MVV60K/123566481/Chapter_11_-_manuscript_-_do_not_cite__do_not_distribute.pdf