Digital Legal Lab

Cybersecurity Conference
22 June 2023

EU Cybersecurity: Collective Resilience through Regulation

In 2020, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy presented the ‘EU’s Cybersecurity Strategy for the Digital Decade’. The strategy promised to bolster Europe’s collective resilience against cyber threats and help to ensure that all citizens and businesses can fully benefit from trustworthy and reliable services and digital tools. Furthermore, it enables the EU to lead international norm and standard setting initiatives and strengthen cooperation around the world to “promote a global, open, stable and secure cyberspace, grounded in the rule of law, human rights, fundamental freedoms and democratic values”.

The strategy contains proposals for regulatory, investment and policy initiatives in three areas of EU action: resilience, technological sovereignty and leadership; building operational capacity to prevent, deter and respond; and advancing a global and open cyberspace through increased cooperation. The aim of the conference is to bring together academics, policymakers, and practitioners with different specialities to discuss the Cybersecurity Strategy and its implementation. After more than two years, it is time to evaluate whether the strategy is succeeding in its goals, but also whether it is still fit for purpose in an ever evolving society. 

In particular, the conference is guided by three guiding themes on which invited experts as well as selected participants based on their submitted abstracts will be presenting breakthrough research and approaches:




Prof. Dr. Lokke Moerel,

Professor of Global ICT Law (Tilburg University)

and Senior of Councel, Morrison & Foerster (Brussels)

Session 1: regulatory developments towards achieving the cybersecurity strategy

The Cybersecurity Strategy has formulated various goals and announced several initiatives such as the reform of the Network and Information Security Directive, new horizontal rules for an Internet of Secure Things, and measures to effectively tackle cybercrime. This session seeks to evaluate to what extent the strategy has succeeded in reaching these goals and developing these initiatives. In particular, this session is looking at the regulatory side of the strategy. Has the European Union succeeded in adopting the announced legal instruments? To what extent do these instruments (in their announced or adopted form) actually contribute to the various goals? What measures have been implemented and have they been successful? How do we assess the effectiveness of cybersecurity initiatives? What have been the main challenges in achieving success?



Prof. Dr. Lee Bygrave (University of Oslo), slides

Renate Verheijen (European Union Agency for Cybersecurity), slides

Dr. Rocco Bellanova (Vrije Universiteit Brussel)

Claudia Aanonsen (Norwegian Institute of International Affair)


Session 2: Cybersecurity in times of crisis

Since 2020, society in general and cybersecurity in particular have had to deal with new developments and challenges. Cybersecurity has been challenged by the shift to remote-working due to COVID-19, the proliferation of ransomware, attacks on managed service providers, ongoing cyberwarfare in Ukraine, and the use of targeted surveillance tools for political aims. Humanitarian actors operating in conflict zones and crisis situations have also been the target of major cyber attacks. On the flip side, cybersecurity also faces the risk of being neglected due to other societal crises like the climate emergency and energy crisis. This session is aimed at evaluating the Cybersecurity Strategy and current legal instruments in the light of these new challenges and emergent crises. To what extent can the strategy and the legal instruments accommodate them? Do they provide suitable solutions? In what ways are they lacking and should they be improved?



Christian D’Cunha (European Commission)

Dr. Cristina Del-Real (Leiden University)

Mauro Vignati (International Committee of the Red Cross)

Session 3: Beyond the digital decade: What does the future of cybersecurity hold?

To protect people’s fundamental rights, everyone providing digital services – including government, industry, and non-profit organisations – must help aspire towards a secure and trustworthy future. While Session I and II have dealt with the developments, successes and limitations of the current strategy, this final Session looks at the future of cybersecurity to identify the main technological, legal, societal, political challenges and opportunities. What future risks put pressure on the current strategy and legal regime? How should the strategy and regime be changed to deal with these risks? Are the goals of cybersecurity (still) viable in a changing society? What opportunities exist to further shape and improve the Cybersecurity Strategy over the rest of the decade?



Prof. Dr. Bart Jacobs (Radboud University)

Florian Pennings (Microsoft)

Joke Bodewits (Hogan Lovells)

Massimo Attoresi (Deputy Head of the

Technology  & Privacy Unit of the

European Data Protection Supervisor), slides



—- We have now published all abstracts that will be showcased in the parallel paper sessions —-

The call for extended abstracts focuses on the following areas of interests:

  • Regulatory initiatives for cybersecurity, including the Cyber Resilience Act proposal, the Digital Operational Resilience Act, the NIS2 Directive, etc.
  • Security by design and secure IoT
  • Assessment of effectiveness of cybersecurity initiatives
  • Roadblocks for cybersecurity in times of crisis
  • Emergent crises and impacts on trust in the security of technology/infrastructure 
  • Cybersecurity in the humanitarian field
  • Future/outlook on cybersecurity and trust
  • Technological, legal, societal, political challenges and opportunities for cybersecurity
  • Opportunities for global action on cybersecurity

Additional topics may be suggested to the Organizing Committee prior to submission.


  • Submission of extended abstracts by: March 10, 2023
  • Notification of acceptance by: March 30, 2023
  • Submission of camera ready version of the abstract by: May 15, 2023
  • Presentations: June 22, 2023


How to submit

Please submit your extended abstracts via A template for the abstract with your name and affiliation is provided below (Word). Please note that the abstract should not be submitted anonymously and will be reviewed by the organizing committee. 

Format and length

Use for your extended abstract the following template: Word Template for One Column_ EU Cybersecurity – Collective Resilience through Regulation. Your extended abstract should be between 1000-1500 words excluding references. 

Special Issue at Computer Law & Security Review

If your extended abstract was accepted to the conference, you will have the option to rework it for a submission to our Special Issue at Computer Law & Security Review.

All papers would then be peer reviewed by relevant experts and feedback given on whether or not the paper is accepted or returned for further revisions. Submissions will normally be between 6,000-15,000 words. It is also possible to submit an opinion piece concerning policy, legislation or case law of a minimum of 2,000 words.

Important dates with respect to the Special Issue submissions

  • Submission of paper or opinion pieces by: December 15, 2023
  • Notification of blind review [acceptance (with minor/major revisions), rejection] by: early 2024
  • Submission of final revised paper: April 1, 2024
  • Publication: summer 2024
Gijs van Dijck

Gijs van Dijck

Maastricht University

Irene Kamara

Irene Kamara

Tilburg University

Otso Karttunen

Otso Karttunen

Maastricht University

Aaron Martin

Aaron Martin

Maastricht University

Aurelia Tamò-Larrieux

Aurelia Tamò-Larrieux

Maastricht University

Pieter Wolters

Pieter Wolters

Radboud University

Joris van Hoboken

Joris van Hoboken

University of Amsterdam

Funding Acknowledgement: This conference has received funding from the Digital Legal Studies sector plan group.




Participants who would like to attend the conference without submitting formally presenting must register and indicate if they are attending in person or online. Please note that we have only limited spots for an in person attendance and that priority will be given to people who are presenting. You can register by clicking here.
Registration is possible until 16th June 2023.


The conference will be held at Campus Brussels, an intra-faculty hub of Maastricht University located at Av. de Tervueren 153, 1150 Brussels, Belgium.

Maastricht University Campus Brussels is a historical building located in the Montgomery neighbourhood, which is well known for its embassies and representation buildings. The main panels of the Conference will be held at the Bel-Etage, a large room on the first floor with a view of the Montgomery Square.

The Campus is easily accessible by public transport, and it is only 30 minutes away from the airport with train and bus.

Directions from Brussels Airport: Take either Bus 12 or 21, and exit at the “Diamant” station. Then take tram line 23 or 24 to the “Vanderkindere” direction, or take line 25 going towards Boondal Station. Get off the tram at the “Montgomery” station and take the exit to “Boulevard de Saint-Michel / Avenue de Tervueren 1-171”, and then turn to the right. The campus is around 30 meters after on the left. 

Directions from the Central Station: Take purple metro line 1 leading to Stockel, and get off at the “Montgomery” station. Take the exit to “Boulevard de Saint-Michel / Avenue de Tervueren 1-171”, and then turn to the right. The campus is around 30 meters after on the left.