Download PDFOpen PDF in browser

Cybersecurity Due Diligence

EasyChair Preprint no. 5111

8 pagesDate: March 9, 2021


The 2016 EU Directive on security of network and information systems (NIS Directive) is arguably the most significant attempt at increasing cybersecurity and network resiliency in Europe. It includes Internet based services and their operators into the well established category of critical infrastructure (CI). This implies an increased reliance on business participation. Critical internet infrastructures have become required to share information on threats and best practices in preventing and combating cyberthreats. Implementation of the NIS Directive makes cybersecurity one more area of international law and policy that relies on a good-business practice based standard of due diligence, required from critical infrastructures operators. This has thus far been the case for e.g. power plant operators, water suppliers or banking services. The proposed paper seeks to put this latest development of cybersecurity in the context of contemporary international law, drawing analogies with the law of state responsibility and international liability, as developed by international environmental law, law of treaties or diplomatic relations. Its ultimate aim is to identify a cybersecurity due diligence standard as per international law.

Keyphrases: Cybersecurity, due diligence, international liability, NIS Directive, state responsibility

BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
  author = {Joanna Kulesza},
  title = {Cybersecurity Due Diligence},
  howpublished = {EasyChair Preprint no. 5111},

  year = {EasyChair, 2021}}
Download PDFOpen PDF in browser