Q&A with Assistant Professor Pavel Loutocký
Tell us about the Cybersecurity Law module.
Our course explores the intersection of law and technology, focusing on how regulation shapes cybersecurity and data protection in Europe and beyond. We look at IT compliance, data flow, and the legal frameworks that govern cybersecurity — especially how these influence service providers and businesses operating under EU and international regulation.
Why is law and regulation such an important part of cybersecurity?
Cybersecurity isn’t just a technical issue; it involves technology, education, cooperation, and law. Governments are increasingly active in setting rules that protect the security of networks, data, and digital services. Legal frameworks help create a transparent environment where organisations know their responsibilities and users can trust the systems they rely on.
What makes cybersecurity law such a critical area for businesses?
Cybersecurity law sets out expectations for how organisations should operate securely. For businesses, that means understanding how to manage risks, protect data, and ensure service quality. For users, it builds confidence that the services they use — whether a hospital system, a bank, or a mobile app — meet a recognised level of security and reliability.
The EU has introduced new frameworks like the NIS2 Directive and the Cyber Resilience Act. What do these mean in practice?
These are core regulations in cybersecurity.
The NIS2 Directive focuses on the security of critical sectors, including energy, healthcare, digital services or public administration. It requires organisations to secure their infrastructure, assess risks, report incidents, and cooperate with national cybersecurity authorities and other relevant subjects.
The Cyber Resilience Act, coming fully into force by the end of 2027, introduces security requirements for “products with digital elements”, from mobile phones to operating systems and computer games. It ensures that these products meet minimum cybersecurity standards before they reach consumers on the market.
Together, these regulations aim to make Europe’s digital environment safer, more trusted and more resilient.
Compliance can feel like a burden. How can it actually help businesses perform better?
Compliance is often seen as complicated and costly, but in reality, it’s an investment in resilience. Regulations encourage a preventive approach which can save enormous costs later.
It’s about assessing the investment, because businesses that comply also find it easier to access services such as cybersecurity insurance.
Identity management and digital trust are major themes in European regulation. How will the European Digital Identity Wallet change things?
The European Digital Identity Wallet will give citizens a secure and convenient way to manage their digital identity, similar to Apple Pay or Google Wallet, but with government-level assurance. It will allow individuals to store and use official documents such as IDs, driving licences, electronic signatures, education certificates and others.
Every EU member state will provide at least one certified wallet, and the credentials stored in them will be recognised across all EU countries. This will make identity verification smoother and more secure, supporting the EU’s goal of a Digital Single Market.
With AI moving so quickly, what are the biggest legal and security challenges regulators are trying to get ahead of?
The EU AI Act sets out how AI can be used, especially around privacy and human rights. It restricts risky practices such as mass biometric profiling and requires transparency, oversight, and risk assessment for high-risk AI systems.
These systems handle vast amounts of personal data, so ensuring they operate securely and ethically is crucial.
For organisations navigating all these frameworks, like GDPR, NIS2, eIDAS and the AI Act, what practical steps can they take right now?
Firstly, I think that consulting legal or compliance experts is key, because these frameworks often overlap in complex ways.
Secondly, tools like the EU’s AI Compliance Checker can help organisations understand which laws apply to them.
Cybersecurity can feel highly technical. How does this course make the legal side practical for leaders and decision-makers?
We designed the course to bridge technical and legal perspectives. Instead of focusing on specific legal details, we teach students how to navigate the system, how to identify which laws apply. We give practical examples and explain how the regulations influence technological aspects and approaches.
Identity management and data protection are major themes in the module. How do these topics prepare students for real-world challenges?
Identity management is one of the most important steps with which we are entering the digital environment – and one of its biggest vulnerabilities.
Whether you’re accessing public services or responding to a cyber incident, strong identity management is the foundation of security.