Cyberattacks are often only possible because software products have vulnerabilities. The German government should advocate for a European product liability regulation & consistently sanction software manufacturers for violations, says @alexandrapaulus.bsky.social: www.swp-berlin.org/en/publicati...
Cyberattacks often become possible only because software products have vulnerabilities. The German federal government should advocate for a European product liability regulation & sanction software manufacturers for rule violations in a targeted manner, says @alexandrapaulus.bsky.social: www.swp-berlin.org/publikation/...
2️⃣ The federal government should define strict cybersecurity requirements for manufacturers of software products in the security and defense sectors and enforce them without exception. /6
My key policy recommendations:
1️⃣ The Federal Office for Information Security (BSI) should consistently impose fines on companies that violate existing rules (➡️ NIS-2 and, starting in 2027, CRA). /5
2️⃣ why regulation in this area should be carefully considered but is urgently needed in light of the damage caused by cybersecurity incidents, and
3️⃣ which European and German regulations already exist. /4
In my paper, I explain
1️⃣ how the three regulatory options available to policymakers—namely product safety law, product liability laws, and cybersecurity requirements for Software-as-a-Service providers—differ and why they complement one another, /3
Stiftung Wissenschaft und Politik (SWP)
Many of these incidents stem from known vulnerabilities in software products. Manufacturers could fix these, but currently have little incentive to do so. Policymakers should change this incentive structure.
In other words: There needs to be a business case for secure software. /2
📝 New policy analysis: Cybersecurity Needs Secure Software – How Policymakers Can Hold Software Vendors Accountable and Why They Should
Cyber attacks have been an enormous threat for years, and the damage they cause continues to rise—last year it amounted to 4.5% of German GDP. /1
And for German readers who are looking for a brief overview, I recommend this reporting by @tspbackground.bsky.social Cybersecurity: background.tagesspiegel.de/it-und-cyber... /8 + fin
3️⃣ The federal government should advocate for comprehensive European product liability regulations for software. Only in a second step should European policymakers consider product liability law specifically for AI applications.
Full paper: www.swp-berlin.org/publikation/... /7
Vulnerabilities in software are the scourge of secure digitalization. Since the market does not fix this on its own, the EU legislator is holding manufacturers to account. What is missing is a real monetary...