Category: News

Doctoral students of the Faculty of Law, UK Mgr. Soňa Juhásová, Mgr. Lucia Rybanová, Mgr. Miroslav Sorkovský and Mgr. Alžbeta Šimeková were supported within the grant scheme of the Competence Centre for the Regulation of Cybersecurity, Privacy Protection and Cybercrime (CUSEC).

In their dissertations, all four focus on the current challenges of the digital space - from the regulation of social platforms and freedom of expression, to the protection of minors on social networks and the use of artificial intelligence in criminal proceedings, to the regulatory tools of cybersecurity.

Support from CUSEC will enable them to actively participate in international conferences and research stays in the field of information technology law, artificial intelligence and digital regulation, develop their own research and at the same time make the Law Faculty of the UK and CUSEC visible in the international academic environment.

In Topoľčany we met with PaedDr. Martina Mazáňová, PhD., the director of the Gymnasium at Ul. November 17. 🤝📚

They attended the meeting for CUSEC doc. JUDr. Jozef Andraško, PhD. and Mgr. Maroš Pavlovič, PhD., LL.M. Together, we continued the cooperation, which was recently confirmed by the signed memorandum. ✍️🤝

The discussion was very stimulating. 💬✨
In addition to the planned courses and activities for students, we also talked about current challenges in the area cyber bullying, which affects an increasing number of young people. 🧑‍💻⚠️

It is a topic that we want to address systematically and in close cooperation with memorandum secondary schools. 🛡️👩‍🏫👨‍🏫

On November 3 and 4, 2025, a professional conference was held in the High Tatras "KYBER2025: AI and the Future of Cybersecurity", which was organized by the National Security Office of the Slovak Republic (hereinafter referred to as "NBÚ"). The conference was attended by representatives of the National Security Agency, the Competence and Certification Center for cybersecurity and the Faculty of Law of the Comenius University Bratislava (hereinafter referred to as "Faculty of Law, Comenius University Bratislava").

Faculty of Law, Comenius University Bratislava was represented at the conference by the heads of the Department of Criminal Law, Criminology and Criminology prof. JUDr. Jozef Čentéš, DrSc. and an internal doctoral student Mgr. Alžbeta Šimeková, who participated in the event as part of the project of the Competence Centre for the regulation of Cybersecurity, privacy protection and Cybercrime (CUSEC).

Prof. Čenteš actively spoke at the conference with a professional contribution on the topic "Criminal Liability of Cybersecurity Managers". In his speech, he addressed the issue of the legal status and responsibility of cybersecurity managers in connection with the fulfillment of obligations under the Cyber ​​Security Act, as well as the limits of criminal liability in the event of their violation. He also discussed selected facts of crimes committed in cyberspace, including unauthorized access to a computer system, dangerous electronic harassment, as well as the issue of ransomware attacks. In the context of the amendment to the Criminal Code effective from August 6, 2025, he analyzed the new factual elements of criminal offenses of violation of restrictive measures and the introduction of the concept of "gross negligence". His contribution appropriately complemented expert presentations focused on current issues of cybersecurity, new regulatory measures and the security of artificial intelligence, thus contributing to a comprehensive view of the connection between criminal liability, the regulatory framework and technological aspects of cyberspace protection.

The approach of the NBU can be appreciated, which through the selection of topics, the professional level of the contributions and the moderation of the program ensured that the course of the conference was factual, professionally balanced and stimulating, while it was characterized by the active participation of those present in the discussions.

V dňoch 23. a 24. októbra bol JUDr. Marek Adamkovič na konferencii Truth and Authority in Criminal Justice organizovanú Právnickou fakultou Maastrichtskej Univerzity. Na konferencii aktívne vystúpil s príspevkom Disinformation, Public Health, and the Role of Criminal Law. Išlo o prezentáciu výskumu ktorý realizoval spoločne so svojim školiteľom doc. JUDr. Marekom Kordíkom, PhD., LL.M. Výskum sa zaoberal otázkou „Či je trestné právo vhodným nástrojom na postihovanie dezinformácii súvisiacich s verejným zdravím“, pričom pre daný účel bol analyzovaný pojem verejné zdravie v rôznych prameňoch medzinárodného práva, a tiež rozhodovacia činnosť ESĽP vo vzťahu ku slobode prejavu a jej obmedziteľnosti z dôvodu ochrany zdravia tak, ako to predpokladá čl. 10 ods. 2 Dohovoru o ochrane ľudských práv a základných slobôd. Preskúmané súdne rozhodnutia napovedajú, že Európsky súd pre ľudské práva vníma ochranu verejného zdravia ako legitímny cieľ, avšak kriminalizácia konaní ktoré by doň zasahovali realizovaním slobody prejavu sa nemusí javiť ako proporcionálne opatrenie. Limitáciu výskumu je však malý počet súdnych rozhodnutí ktoré zároveň posudzovali prípady administratívnych sankcii a nie sankcii uložených na základe porušení trestného zákona.

V časopise Časopis pro právní vědu a praxi vyšiel nový článok s názvom „Ransomvér a úhrada výkupného v kontexte trestného práva“, ktorého autormi sú prof. Jozef Čentéš a Michal Rampašek.

The publication was created within CUSEC project and addresses one of the current challenges at the intersection of cybersecurity, compliance and criminal law – the legal consequences of paying ransom after ransomware attacks.

The authors analyze this issue from a Slovak and Czech perspective, focusing mainly on:
🔹 laundering proceeds from the ransom through cryptocurrencies and anonymization tools,
🔹 possible criminal law risks (money laundering, terrorist financing, violation of EU sanctions), and
🔹 decision-making framework from the point of view of compliance for organizations facing ransom payment requirements.

At a time when the number of ransomware attacks in Europe is constantly growing, this article offers up-to-date knowledge not only for experts in criminal law, but also for CISOs, compliance and risk managers who deal with real incidents in practice.

Dňa 15. októbra 2025 sa uskutočnilo prvé stretnutie medzi riaditeľkou Základnej školy a Gymnázia s vyučovacím jazykom maďarským na Dunajskej ulici 13 v Bratislave, Mgr. Katarínou Morvayovou, a zástupcami Kompetenčného centra pre reguláciu kybernetickej bezpečnosti, ochrany súkromia a kybernetickej kriminality, doc. Andraškom a Dr. Gyurászom.

Stretnutie nadviazalo na nedávno podpísané memorandum o spolupráci, ktorého cieľom je posilniť povedomie o kybernetickej bezpečnosti a ochrane súkromia medzi žiakmi a pedagógmi.

📘 Pre stredné školy bude Kompetenčné centrum zabezpečovať sériu odborných školení s názvom „Kybernetická hygiena pre stredné školy“, ktoré sa zameriavajú na témy z oblasti kybernetickej bezpečnosti, ochrany súkromia a kybernetickej kriminality.

💡 Pre študentov sa pripravujú vzdelávacie aktivity v atraktívnom a veku primeranom formáte, ktoré podporia zodpovedné správanie, kritické myslenie a bezpečný pohyb vo virtuálnom prostredí.

Táto spolupráca predstavuje dôležitý krok k budovaniu digitálne uvedomelej a bezpečnej generácie.

Welcome to the second edition of CUSEC News. Each week, we'll provide an overview of the key regulations, upcoming laws, court decisions, courses, and research that are shaping the rapidly changing fields of cybersecurity, privacy, and cybercrime.

Regulators and individual representatives of various industries around the world are trying to secure a digital space where advances in artificial intelligence, data protection and cyber resilience must go hand in hand.

Last week's news:

· The European Commission presented new strategies to speed up the implementation of artificial intelligence across Europe with an emphasis on innovation, ethics and competitiveness. (EK) · Daily attacks on critical infrastructure in Switzerland. (SRF)

· Starting in 2026, manufacturers of fully automated vehicles will be liable for traffic violations in Florida. (CBS News)

· The London police force arrested two 17-year-old boys in connection with the recent cyber attack at London-based childcare chain Kido. (ComputerWeekly)

· Australia's Qantas Airways announced the leak of customer data after a cyber attack. (Reuters)

· The Italian Data Protection Authority has imposed a temporary restriction on the processing of user data of the Clothoff Deepfake application as of October 3. (GPDP) · Czech cyber agency NÚKIB reports DDoS attacks on local entities. (NÚKIB) · Microsoft 365 Education illegally tracked users. (NOYB)

· The University of Oxford has supported the debate on the ethical use of AI through the Harness of AI for Justice initiative, exploring the potential of AI to improve justice in the justice system. (Oxford)

1️ Regulation

California: AI Safety Legislation

California passed a package of 18 new laws aimed at AI security, including in the areas of deepfake, data protection and AI liability. It is the first US state to directly regulate AI safety. The legislation is also based on the recommendations of the Joint Policy Working Group on AI Frontier Models. (Jones Walker)

EU: Guidelines on DSA and DMA

The European Commission and the European Data Protection Board (EDPB) have issued a new joint proposal

guidance clarifying the relationship between the Digital Services Act (DSA) and the GDPR. The aim is to promote compliance in all Member States. Guideline 3/2025 focuses on the application of data protection under DSA, in particular with regard to transparency, data processing and accountability. (EDPB)

2️ Prepared legal regulations

Germany: Draft Federal Law on Information Security

The new draft federal law on information security implements the NIS-2 Directive [Entwurf eines Gesetzes zur Utszeug der NIS-2-Richtlinie und zur Regelung wesentlicher Grundzüge des Informationssicherheits-managements in der Bundesverwaltung] and establishes a clear framework for strengthening cybersecurity. The management is obliged to complete training on relevant cyber risks and information security practices according to §38 par. 3 of the bill. The NIS-2 training [NIS-2-Geschäftsleistungsschulung] provides preliminary recommendations especially for institutions obliged to fulfill the new tasks resulting from the proposal.

3️ Courses and events

Embodied AI: Invisible Cues 📅 October 23, 2025

📍 Online 🔗 Registration

Automated vehicles communicate not only through data and sensors, but also through behavior. Don't miss the opportunity to learn how artificial intelligence can contribute to increasing mobility safety.

EdTech Conference 2025 📅 October 30, 2025

📍 Brusel 🔗 Detaily podujatia

Explore the latest trends in digital learning and AI tools for future classrooms. The event will bring together industry leaders, startups, politicians, universities and schools.

AI in Science Summit 2025 📅 3–4. november 2025

📍 Copenhagen 🔗 Event details

The summit will bring together scientists, industry leaders, investors and policy makers to discuss the transformation of AI research and the future of Europe.

4️ Literature

The Future of Privacy Forum tracked 210 bills in 42 states and identified key trends in AI development in the private sector. (FPF)

The European Commission has launched the Apply AI strategy, which accelerates the adoption of AI and strengthens technological sovereignty. (Communique)

AI in science is pushing the boundaries of research, with research and innovation at the center. AI is an extremely useful tool for scientists and accelerates scientific discoveries. (Communique)

The European Commission has introduced a framework to categorize modified general AI models (GPAIs) as "new models" based on behavioral changes. The revised model should be considered a new system under the AI ​​Act. The report outlines two ways to measure behavior change: by directly comparing skills or outputs, or by using proxy metrics, calculations and data usage. (Publication Office of the European Union)

A new European Commission report focuses on how digital technologies and AI are changing the world of work in Europe. According to the AIM-WORK survey 2024-2025, more than 90% of workers use digital devices and one in three employees already use AI tools. (JRC Publications Repository)

💬 Your opinions?

Share them in the comments and share this newsletter with colleagues interested in the future of cybersecurity law, privacy protection, and cybercrime prevention.

🔔 Subscribe to be always informed!

Your weekly overview of regulation, privacy and cybercrime

Edition no. 1 | 6 October 2025

Welcome to the pilot edition of the newsletter CUSEC News, v ktorom Vám každý týždeň  prinesieme prehľad nových právnych predpisov, pripravovaných zákonov, súdnych rozhodnutí, vzdelávacích podujatí a zaujímavej literatúry, ktoré formujú oblasť kybernetickej bezpečnosti, ochrany súkromia a boj proti kyberkriminalite.

Why it matters: Cybersecurity incidents are increasing rapidly. Just last month:

• Stellantis, one of the world's largest car manufacturers, has confirmed a data breach after its external supplier was hacked (TechRadar).
• British airports paralyzed by cyber attacks, demonstrating the vulnerability of critical infrastructure (Independent).
• Nearly a billion Salesforce records were stolen, according to hackers (Reuters).
• Meanwhile, South Korea, the US, China, Germany and Japan are moving towards a common artificial intelligence (AI) safety standard for Level 4 fully automated vehicles (Danawa).

It's October Cybersecurity awareness month, which is a good opportunity to remember that cybersecurity is not only a technical but also a legal, regulatory and ethical challenge.

1️⃣ Regulation

Slovensko: Decrees č. 227/2025 a č. 226/2025 o bezpečprotective measures and incident reporting

📌 Od 1.9.2025 sú účinné dve nové vyhlášky NBÚ (SR), ktoré sa týkajú zákona 69/2025 Z.z. o kybernetickej bezpečnosti. Vyhláška NBÚ  227/2025 o bezpečnostných opatreniach (Slovlex), which establishes the content of security measures, the scope of general security measures for networks and information systems and operational technologies, and the content and structure of security documentation according to § 20 of the Act on cybersecurity. 

Decree 226/2025 establishing details of reports (Slovlex).  

At the same time, the NBU issued the Risk Analysis Methodology for application in risk management processes in accordance with the requirements of Act No. 69/2018 Coll. on cybersecurity and on the amendment of certain laws, as amended.

Nemecko: Decree on diaľmetal traffic management 

📌 Germany adopted a decree regulating the remote control of automated vehicles (Straßenverkehr-Fernlenk-Verordnung). It establishes the conditions of type approval, the obligations of operators and requirements for cybersecurity, it is a precedent for mobility controlled by artificial intelligence.

Taliansko: Artificial Intelligence Act

📌 Italy became one of the first EU countries to adopt a law on artificial intelligence at the national level, regulating its use in public administration and the private sector. The law introduces transparency obligations, ethical standards and restrictions on the use of surveillance technologies. (lexia.it, Squire Patton Boggs)

EU: Interpretation of Regulation (EU) 2022/1426 on type approvalľovation of automated control systems

📌 Hoci nariadenie (EÚ) 2022/1426 vytvára rámec pre testovanie a schvaľovanie systémov automatizovaného riadenia (ADS), jeho výklad má zásadný význam pre  prax.

Consequence: Companies developing ADSs must emphasize cybersecurity by design, risk assessment and transparent reporting.

2️⃣ Prepared legislation

ČCzech Republic: Draft Law on Artificial Intelligence

📌 The Czech Republic submitted a draft law on artificial intelligence (Zact on artificial intelligence) implementing the act on artificial intelligence. It introduces supervisory authorities, compliance obligations for high-risk systems and regulatory sandboxes.

EU: Usmernenie k čArticle 73 of the AI Act

📌 The European Commission has published a draft guideline and model for reporting incidents with high-risk AI systems. Under Article 73, serious incidents must be reported without undue delay, putting in practice a mechanism of accountability, transparency and remedial action throughout the AI lifecycle.

3️⃣ Court decisions

In the following editions, we will bring an overview of groundbreaking decisions, especially in the area of personal data protection and liability for cybercrime.

Judgment of the Court of Justice of the EU - case C-474/24 (NADA Austria and others)

📌 Generálny advokát uviedol, že zverejňovanie porušení antidopingových pravidiel športovcami je podľa GDPR prípustné len vtedy, ak je primerané a v súlade s minimalizáciou uchovávania údajov.Údaje o dopingu môžu zahŕňať zdravotné alebo  informácie týkajúce sa previnení športovca, preto ich zverejnenie musí byť odôvodnené verejným záujmom a posudzované individuálne. Generálny advokát tiež potvrdil, že subjekt údajov môže podať sťažnosť aj v prípade hroziaceho spracovania údajov, čím sa posilňuje preventívna ochrana podľa GDPR. (Press release of the CJEU)

4️⃣ Courses and events

CRA - Strengthening the resilience of the EU market

📅 October 8, 2025
 📍 Bucharest, organizer of ENISA

🔗 Detaily podujatia

The event focuses on the Cyber Resilience Act (CRA), effective from 10 December 2024, which introduces cybersecurity requirements for products with digital elements as a condition of EU market access. Manufacturers must ensure compliance throughout the product life cycle.

ENISA organizes an event within the BCC2025 conference (Bucharest Cybersecurity Conference), which takes place on 6–7 October 2025.

Business modely kyberkriminality

📅 November 2025
 📍 Virtually, organized by Oxford University

🔗 Detaily podujatia

The event focuses on cybercrime ecosystems through law enforcement case studies and expert discussions. This is an excellent opportunity for experts and students to learn about current research on the functioning of cyber markets.

5️⃣ Literature

In this edition, we highlight the ENISA Threat Landscape 2025 report (October 2025), which analyzes 4,875 cyber incidents within the EU.

✨ O projekte CUSEC

CUSEC (Kompetenčné centrum pre reguláciu kybernetickej bezpečnosti, ochranu súkromia a boj proti kyberkriminalite) si kladie za cieľ vytvoriť  odborné pracovisko pre vzdelávanie, výskum a podporu v oblasti kybernetickej regulácie, ochrany súkromia a boja proti kyberkriminalite.

Our activities include:

• development of methodologies and educational materials,
• professional consultations for schools and institutions,
• support of government CSIRT units in incident resolution,
• research in the field of cyber regulation, privacy protection and cybercrime,
• lifelong learning for public administration, schools and the general public,
• building international partnerships with universities and research centers.

This is just the beginning. CUSEC News will bring you weekly news from the field of regulation, jurisprudence, research and education.

This question was discussed by CUSEC member Michal Rampášek at the EPI conference.

🔒 Od 1. augusta 2025 the Commission's delegated regulation on the RED (Radio Equipment Directive), which introduces the first mandatory cybersecurity requirements for wireless equipment in the EU, will come into force.
💡 O two years later will follow up Cyber Resilience Act (CRA) – with even broader obligations for all products with digital elements, from end devices to components to software and chips.

For manufacturers, importers, distributors and integrators, this means a fundamental change: requirements for product security, liability for vulnerabilities and the need to demonstrate compliance throughout the entire product life cycle.

V príspevku sa venoval aj prepojeniam a rozdielom medzi RED a CRA, ich vzťah k normám EN 18031 and ISA/IEC 62443, but also practical questions such as "when is the product launched on the market" or "who is responsible for the compliance of the components."

Dňa 23.9. a 24.9.2025 sa konala konferencia Cyber Security Bratislava, organized by the Ministry of the Interior of the Slovak Republic in cooperation with the Ministry of Investments, Regional Development and Informatization of the Slovak Republic.

Na konferencii vystúpili aktívne dvaja členovia CUSEC a viacerí v rámci pasívnej účasti.

Doc. JUDr. Jozef Andraško, PhD., garant CUSECu, prezentoval jednotlivé aktivity Kompetenčného centra pre reguláciu kybernetickej bezpečnosti, ochrany súkromia a kybernetickej kriminality. Konkrétne sa zameral na aktivitu celoživotného vzdelávania pre zamestnancov verejnej správy  v podobe kurzov:

• Fundamentals of cybersecurity regulation and related areas a
• Accountability relationships in cybersecurity.

JUDr. In his contribution, Michal Rampášek focused on key criminal law issues related to the investigation of ransomware attacks. He analyzed the substantive and procedural aspects of cybercrime prosecution in this area, including the role of CSIRT/CERT units in responding to incidents and providing expertise to law enforcement agencies. He paid special attention to the issue of electronic evidence and its applicability in criminal proceedings.