Victor STOICA
This article sheds light on certain manifestations of due diligence in cyberspace, and its connections with standards enhancing capabilities of states, which, further, depend on various other elements. It reveals the degree in which the existing and expanding cybersecurity legal framework of the European Union contributes to the application of the principle of due diligence in cyberspace for the EU Members States.
It does so by focussing on clarifying three basic characteristics of due diligence, as interpreted under general international law: territoriality, information and risk. It further describes relevant provisions mirroring the three, regulated through the NIS2 Directive, the Digital Services Act, the General Data Protection Regulation, the AI Act or the CER Directive, as well as on policy documents of the European Union such as the EU Strategy regarding Cybersecurity or the Declaration on a Common Understanding of the Application of International Law to Cyberspace.
