Category: News

  • CUSEC NEWS #1

    CUSEC NEWS #1

    Your weekly overview of regulation, privacy and cybercrime

    Edition no. 1 | 6 October 2025

    Welcome to the pilot edition of the newsletter CUSEC News, v ktorom Vám každý týždeň  prinesieme prehľad nových právnych predpisov, pripravovaných zákonov, súdnych rozhodnutí, vzdelávacích podujatí a zaujímavej literatúry, ktoré formujú oblasť kybernetickej bezpečnosti, ochrany súkromia a boj proti kyberkriminalite.

    Why it matters: Cybersecurity incidents are increasing rapidly. Just last month:

    • Stellantis, one of the world's largest car manufacturers, has confirmed a data breach after its external supplier was hacked (TechRadar).
    • British airports paralyzed by cyber attacks, demonstrating the vulnerability of critical infrastructure (Independent).
    • Nearly a billion Salesforce records were stolen, according to hackers (Reuters).
    • Meanwhile, South Korea, the US, China, Germany and Japan are moving towards a common artificial intelligence (AI) safety standard for Level 4 fully automated vehicles (Danawa).

    It's October Cybersecurity awareness month, which is a good opportunity to remember that cybersecurity is not only a technical but also a legal, regulatory and ethical challenge.

    1️⃣ Regulation

    Slovensko: Decrees č. 227/2025 a č. 226/2025 o bezpečprotective measures and incident reporting

    📌 Od 1.9.2025 sú účinné dve nové vyhlášky NBÚ (SR), ktoré sa týkajú zákona 69/2025 Z.z. o kybernetickej bezpečnosti. Vyhláška NBÚ  227/2025 o bezpečnostných opatreniach (Slovlex), which establishes the content of security measures, the scope of general security measures for networks and information systems and operational technologies, and the content and structure of security documentation according to § 20 of the Act on cybersecurity. 

    Decree 226/2025 establishing details of reports (Slovlex).  

    At the same time, the NBU issued the Risk Analysis Methodology for application in risk management processes in accordance with the requirements of Act No. 69/2018 Coll. on cybersecurity and on the amendment of certain laws, as amended.

    Nemecko: Decree on diaľmetal traffic management 

    📌 Germany adopted a decree regulating the remote control of automated vehicles (Straßenverkehr-Fernlenk-Verordnung). It establishes the conditions of type approval, the obligations of operators and requirements for cybersecurity, it is a precedent for mobility controlled by artificial intelligence.

    Taliansko: Artificial Intelligence Act

    📌 Italy became one of the first EU countries to adopt a law on artificial intelligence at the national level, regulating its use in public administration and the private sector. The law introduces transparency obligations, ethical standards and restrictions on the use of surveillance technologies. (lexia.it, Squire Patton Boggs)

    EU: Interpretation of Regulation (EU) 2022/1426 on type approvalľovation of automated control systems

    📌 Hoci nariadenie (EÚ) 2022/1426 vytvára rámec pre testovanie a schvaľovanie systémov automatizovaného riadenia (ADS), jeho výklad má zásadný význam pre  prax.

    Consequence: Companies developing ADSs must emphasize cybersecurity by design, risk assessment and transparent reporting.

    2️⃣ Prepared legislation

    ČCzech Republic: Draft Law on Artificial Intelligence

    📌 The Czech Republic submitted a draft law on artificial intelligence (Zact on artificial intelligence) implementing the act on artificial intelligence. It introduces supervisory authorities, compliance obligations for high-risk systems and regulatory sandboxes.

    EU: Usmernenie k čArticle 73 of the AI Act

    📌 The European Commission has published a draft guideline and model for reporting incidents with high-risk AI systems. Under Article 73, serious incidents must be reported without undue delay, putting in practice a mechanism of accountability, transparency and remedial action throughout the AI lifecycle.

    3️⃣ Court decisions

    In the following editions, we will bring an overview of groundbreaking decisions, especially in the area of personal data protection and liability for cybercrime.

    Judgment of the Court of Justice of the EU - case C-474/24 (NADA Austria and others)

    📌 Generálny advokát uviedol, že zverejňovanie porušení antidopingových pravidiel športovcami je podľa GDPR prípustné len vtedy, ak je primerané a v súlade s minimalizáciou uchovávania údajov.Údaje o dopingu môžu zahŕňať zdravotné alebo  informácie týkajúce sa previnení športovca, preto ich zverejnenie musí byť odôvodnené verejným záujmom a posudzované individuálne. Generálny advokát tiež potvrdil, že subjekt údajov môže podať sťažnosť aj v prípade hroziaceho spracovania údajov, čím sa posilňuje preventívna ochrana podľa GDPR. (Press release of the CJEU)

    4️⃣ Courses and events

    CRA - Strengthening the resilience of the EU market

    📅 October 8, 2025
     📍 Bucharest, organizer of ENISA

    🔗 Detaily podujatia

    The event focuses on the Cyber Resilience Act (CRA), effective from 10 December 2024, which introduces cybersecurity requirements for products with digital elements as a condition of EU market access. Manufacturers must ensure compliance throughout the product life cycle.

    ENISA organizes an event within the BCC2025 conference (Bucharest Cybersecurity Conference), which takes place on 6–7 October 2025.

    Business modely kyberkriminality

    📅 November 2025
     📍 Virtually, organized by Oxford University

    🔗 Detaily podujatia

    The event focuses on cybercrime ecosystems through law enforcement case studies and expert discussions. This is an excellent opportunity for experts and students to learn about current research on the functioning of cyber markets.

    5️⃣ Literature

    In this edition, we highlight the ENISA Threat Landscape 2025 report (October 2025), which analyzes 4,875 cyber incidents within the EU.

    ✨ O projekte CUSEC

    CUSEC (Kompetenčné centrum pre reguláciu kybernetickej bezpečnosti, ochranu súkromia a boj proti kyberkriminalite) si kladie za cieľ vytvoriť  odborné pracovisko pre vzdelávanie, výskum a podporu v oblasti kybernetickej regulácie, ochrany súkromia a boja proti kyberkriminalite.

    Our activities include:

    • development of methodologies and educational materials,
    • professional consultations for schools and institutions,
    • support of government CSIRT units in incident resolution,
    • research in the field of cyber regulation, privacy protection and cybercrime,
    • lifelong learning for public administration, schools and the general public,
    • building international partnerships with universities and research centers.

    This is just the beginning. CUSEC News will bring you weekly news from the field of regulation, jurisprudence, research and education.

  • Ako regulácia CRA a RED menia pravidlá kybernetickej bezpečnosti digitálnych produktov?

    How are CRA and RED regulation changing cybersecurity rules for digital products?

    This question was discussed by CUSEC member Michal Rampášek at the EPI conference.

    🔒 Od 1. augusta 2025 the Commission's delegated regulation on the RED (Radio Equipment Directive), which introduces the first mandatory cybersecurity requirements for wireless equipment in the EU, will come into force.
    💡 O two years later will follow up Cyber Resilience Act (CRA) – with even broader obligations for all products with digital elements, from end devices to components to software and chips.

    For manufacturers, importers, distributors and integrators, this means a fundamental change: requirements for product security, liability for vulnerabilities and the need to demonstrate compliance throughout the entire product life cycle.

    V príspevku sa venoval aj prepojeniam a rozdielom medzi RED a CRA, ich vzťah k normám EN 18031 and ISA/IEC 62443, but also practical questions such as "when is the product launched on the market" or "who is responsible for the compliance of the components."

  • CUSEC na konferencii Cyber Security Bratislava

    CUSEC at the Cyber Security Bratislava Conference

    Dňa 23.9. a 24.9.2025 sa konala konferencia Cyber Security Bratislava, organized by the Ministry of the Interior of the Slovak Republic in cooperation with the Ministry of Investments, Regional Development and Informatization of the Slovak Republic.

    Na konferencii vystúpili aktívne dvaja členovia CUSEC a viacerí v rámci pasívnej účasti.

    Doc. JUDr. Jozef Andraško, PhD., garant CUSECu, prezentoval jednotlivé aktivity Kompetenčného centra pre reguláciu kybernetickej bezpečnosti, ochrany súkromia a kybernetickej kriminality. Konkrétne sa zameral na aktivitu celoživotného vzdelávania pre zamestnancov verejnej správy  v podobe kurzov:

    • Fundamentals of cybersecurity regulation and related areas a
    • Accountability relationships in cybersecurity.

    JUDr. In his contribution, Michal Rampášek focused on key criminal law issues related to the investigation of ransomware attacks. He analyzed the substantive and procedural aspects of cybercrime prosecution in this area, including the role of CSIRT/CERT units in responding to incidents and providing expertise to law enforcement agencies. He paid special attention to the issue of electronic evidence and its applicability in criminal proceedings.

  • CUSEC spája odborníkov: Digitalizácia práva a bezpečnosť v digitálnom prostredí na Bratislavskom právnickom fóre

    CUSEC brings together experts: Digitization of law and security in the digital environment at the Bratislava Law Forum

    On September 17, 2025, the first day of the international professional conference Bratislava Legal Forum 2025 began at the Faculty of Law of the Comenius University Bratislava (hereinafter referred to as "Faculty of Law, Comenius University Bratislava"). The first day of the conference, which will continue until September 19, 2025, began with a plenary session with the central theme "Digitalization of law and security in the digital environment". Every year, the conference brings together important academics, experts from practice, representatives of the public administration and the diplomatic corps. The plenary session was held in the historic Hall of the Comenius University Bratislava, with discussions taking place in Slovak, Czech, English, Polish and Hungarian, with simultaneous interpretation provided for foreign guests.

    The event is financed by the European Union as part of the NextGenerationEU initiative, the main professional partner of the conference is the Ministry of Foreign and European Affairs of the Slovak Republic and the media partner is TA3 television. The general partners of the Bratislava Law Forum 2025 include the National Security Office of the Slovak Republic, the Faculty of Law, Comenius University Bratislava Alumni Club, Slovenská sporiteľňa, Bratislava Law Review, Wolters Kluwer, the European Law Students' Association (ELSA) and the St. Nicholas. The plenary session took place within the project of the Competence Centre for the Regulation of Cybersecurity, Privacy Protection and Cybercrime (CUSEC).

    The ceremonial opening of the plenary session belonged to representatives of the academic community, when the participants were welcomed by prof. JUDr. Marek Števček, DrSc., rector of the Comenius University Bratislava, who emphasized the importance of digitization for legal science and practice and the need for a systematic approach to cybersecurity issues. His words were followed up by prof. JUDr. Eduard Burda, PhD., dean of Faculty of Law, Comenius University Bratislava, who pointed out the need to support professional discussion and education in the field of information technology law and digital regulation. Important guests from the sphere of public administration and diplomacy also spoke - Ing. Juraj Blanár, Minister of Foreign and European Affairs of the Slovak Republic, who appreciated the support of events that emphasize the need to connect law and digital security in both the European and global context, Mgr. Matúš Šutaj Eštok, Minister of the Interior of the Slovak Republic, who in his speech emphasized the key role of legal regulation in the field of cybersecurity, and Gautam A. Rana, Ambassador of the United States of America, who spoke about the importance of the joint efforts of democratic countries in strengthening cybersecurity and creating a fair legal framework for the digital environment.

    The program then continued with two panel discussions, which created a platform for the exchange of experience and expertise between representatives of several countries. The first panel discussion, moderated by JUDr. Michal Rampášek from the Institute of Information Technology Law and Intellectual Property Law, Faculty of Law, Comenius University Bratislava, focused on the transposition of the NIS2 directive and its implementation in the practice of the Vyšehrad Four countries. Speakers included Viktor Munkácsi, head of the incident management department at the Hungarian National Cyber ​​Security Center, Marcin Domagała, head of the department of international cooperation in the field of cybersecurity from Poland, Ondřej Polák from the Czech National Office for Cyber ​​and Information Security and Jaroslav Ďurovka, director of the National Cyber ​​Security Center of the Slovak Republic, who presented concrete experiences and challenges associated with the application of this legislation in individual countries.

    The second panel discussion moderated by JUDr. Ondrej Hamuľák, PhD. from the Institute of Information Technology Law and Intellectual Property Law, Faculty of Law, Comenius University Bratislava, was dedicated to the global challenges of digital regulation and provided space for presentations by experts from various countries and academic environments. The panelists were Hong Dae-sik, professor of economic law at the Faculty of Law of Sogang University in Korea, Iana Kazeeva, postdoctoral fellow at the Department of Innovation and Digitization in Law in Vienna, Lilla Nóra Kiss, PhD., chief policy analyst at the Schumpeter Project on Competition Policy at the Information Technology and Innovation Foundation, and doc. JUDr. Matúš Mesarčík, PhD., LL.M. from the Institute of Information Technology Law and Intellectual Property Law, Faculty of Law, Comenius University Bratislava, who dealt with issues of digital market regulation, protection of economic competition and innovative approaches to the regulation of artificial intelligence and digital technologies.

    An important part of the first day of the conference were also the first professional sections, which created space for the presentation of academic research results and professional discussion. The section on information technology law and intellectual property law, with the main theme "Regulation, cybersecurity and digitization of law", covered a wide range of topics from the risks for children in the online environment and the role of European legislation in their protection, through the ban on political ads on social media platforms and its legal implications, to issues of the regulation of automated vehicles, regulatory sandboxes under the Artificial Intelligence Act, or the criminal law overlaps of artificial intelligence. The issue of remote drivers from the point of view of criminal law, the cross-border cooperation of EU member states in securing data in criminal proceedings, as well as the application challenges of the Cyber ​​Resilience Act were discussed.

    The civil law section entitled "Current challenges and limits of civil law in connection with the advent of artificial intelligence" provided space for discussion on the legal status of artificial intelligence, on the possibilities of its use in issuing court decisions, on issues of consumer law and family law in the digital era. The children's right to privacy in the context of digital parental supervision, the use of digital technologies in the execution of decisions in matters of minors, optimal models of regulation of artificial intelligence in consumer commerce, and the review of arbitration decisions in the era of algorithms resonated among the topics discussed.

    The social program of the conference offered the participants the opportunity to get to know the historical landmarks of Bratislava during a sightseeing ride on the Prešporáčik train and also provided space for informal meetings during the ceremonial reception at Hotel Devín, which took place in the evening after the end of the professional part of the program. The reception took place in a friendly atmosphere and made it possible to establish new professional and personal contacts between participants from Slovakia and abroad.

    The Bratislava Legal Forum conference annually proves its status as a unique forum for the exchange of knowledge, experience and opinions within the professional public.

  • Zástupcovia CUSEC na konferencii Rady Európy Octopus 2025 v Štrasburgu

    CUSEC representatives at the Council of Europe Octopus 2025 conference in Strasbourg

    On June 4-6, 2025, a prestigious international conference took place on the premises of the Palace of Europe in Strasbourg Octopus 2025, organized by the Council of Europe, which is one of the most important events focused on the topic cybercrime.

    The Competence Centre for the regulation of Cybersecurity, privacy protection and Cybercrime was represented at the conference docent Marek Kordík a doktorka Petra Dražová, who participated in plenary sessions and practical workshops.

    The conference was attended by more than 500 experts from more than 100 countries operating in international organizations, public and private spheres, in non-governmental organizations, as well as in the scientific research environment.

    The key topics of the event were:

    • strengthening international cooperation in the field of electronic evidence,
    • implementation of the Hanoi Convention,
    • new challenges related to child pornography material generated by artificial intelligence,
    • cooperation with the initiative CASP,
    • and classification of computer crime as a war crime according to the Rome Statute.

    The participation of our representatives in such an important event strengthens the faculty's position in the international professional discourse and contributes to the development of knowledge in the field of digital and criminal law.

  • CUSEC AKO PRIESTOR PRE NOVÉ VÝZVY KYBERNETICKEJ BEZPEČNOSTI 

    CUSEC AS A SPACE FOR NEW CYBERNETIC SECURITY CHALLENGES 

    Právnická fakulta Univerzity Komenského v Bratislave (PraF UK) uspela vo výzve z Plánu obnovy a odolnosti SR s projektom „Kompetenčné centrum pre reguláciu kybernetickej bezpečnosti, ochrany súkromia a kybernetickej kriminality” (CUSEC). The amount of support is €1,008,071.90. 

    Cieľom projektu je vytvoriť dynamickú platformu na výmenu informácií, osvedčených postupov a odborných znalostí v oblasti regulácie kybernetickej bezpečnosti, ochrany súkromia a kybernetickej kriminality. Prepojenie špičkových odborníkov, verejnej správy a akademickej sféry má za cieľ posilniť inovácie, výskum a medzinárodnú spoluprácu.  

    CUSEC will serve as a physical location that will bring together a team of experienced and qualified cybersecurity, privacy and cybercrime regulatory experts. Its mission is to support new research challenges and create space for interdisciplinary discussions with a global impact.

    The establishment of the Competence Centre will provide unique opportunities for professionals, researchers and students who want to profile themselves in the field of cybersecurity regulation. It will enable them to meet world experts, participate in international conferences and complete internships at leading institutions.

    Dôležitou súčasťou nášho poslania bude aj podpora študentov a študentiek doktorandského štúdia, ktorí sa venujú témam regulácie kybernetickej bezpečnosti, ochrany súkromia a kybernetickej kriminality. CUSEC im poskytne mentoring, odborné konzultácie a príležitosti na zapojenie sa do rôznych výskumných projektov. Zároveň budú  doktorandi a doktorandky podporení prostredníctvom štipendií a grantov zameraných na výskum regulácie kybernetickej bezpečnosti, ochrany súkromia a kybernetickej kriminality," said associate professor Jozef Andraško, guarantor of the Competence Centre.  

    CUSEC si kladie za cieľ priniesť nové perspektívy na neformálne a formálne vzdelávanie v oblasti kybernetickej bezpečnosti, ochrany súkromia a kybernetickej kriminality. Kurzy celoživotného vzdelávania majú dopomôcť k zvýšeniu odbornosti zamestnancov verejnej správy v oblasti regulácie kybernetickej bezpečnosti.  Zároveň aktívne rozvíja spoluprácu so strednými školami, pre ktoré bude poskytovať rôzne kurzy prispôsobené potrebám súčasnej generácie študentov.   

    Dôležitým cieľom je aj rozvíjanie nielen odborných a vedeckých znalostí, ale aj podpora verejnej diskusie o regulácii kybernetickej bezpečnosti, ochrany súkromia a kybernetickej kriminality. Prostredníctvom analytických výstupov, odborných a vedeckých podujatí a mediálnych výstupov chce kompetenčné centrum prispieť k väčšej transparentnosti, zodpovednosti a efektívnejšej ochrane digitálneho priestoru.