Suche auf der Schloss Dagstuhl Webseite
Sie suchen nach Informationen auf den Webseiten der einzelnen Seminare? - Dann:
Nicht fündig geworden? - Einige unserer Dienste laufen auf separaten Webseiten mit jeweils eigener Suche. Bitte beachten Sie folgende Liste:
Schloss Dagstuhl - LZI - Logo
Schloss Dagstuhl Services
Innerhalb dieser Seite:
Externe Seiten:
  • DOOR (zum Registrieren eines Dagstuhl Aufenthaltes)
  • DOSA (zum Beantragen künftiger Dagstuhl Seminare oder Dagstuhl Perspektiven Workshops)
Innerhalb dieser Seite:
Externe Seiten:
Innerhalb dieser Seite:
Externe Seiten:
  • die Informatik-Bibliographiedatenbank dblp

Dagstuhl-Seminar 24112

EU Cyber Resilience Act: Socio-Technical and Research Challenges

( 10. Mar – 13. Mar, 2024 )

(zum Vergrößern in der Bildmitte klicken)

Bitte benutzen Sie folgende Kurz-Url zum Verlinken dieser Seite:



Dagstuhl Reports

As part of the mandatory documentation, participants are asked to submit their talk abstracts, working group results, etc. for publication in our series Dagstuhl Reports via the Dagstuhl Reports Submission System.

  • Upload (Use personal credentials as created in DOOR to log in)

Dagstuhl Seminar Wiki

Gemeinsame Dokumente



The growth of Consumer Connected Devices such as Smart TVs and Smart Speakers has introduced unprecedented challenges for preserving consumers’ security and privacy, and nations’ cybersafety. The European Union has been at the regulatory forefront, developing strict regulatory frameworks to protect consumers and increase European cyber-resilience. However, the path towards compliance and enforcement is not straight-forward.

In May 2018, the EU General Data Protection Regulation (GDPR) was implemented to protect users’ privacy and digital rights. However, 5 years later, its success has been moderate due to developers’ inability (or lack of incentives) to comply with the regulation. This is aggravated by rule interpretation differences across DPAs, which is causing developers confusion and different criteria for enforcement. Now, the new EU Cyber Resilience Act aims to enforce security requirements for digital products like IoT devices by establishing a framework for secure development and empowering users to make security-aware decisions. This is complemented by a European-wide Cybersecurity Certification Framework (ECCS) and the new NIS 2 Directive, which puts in place cybersecurity requirements including supply chain measures. The combination of these regulations aims at ensuring that digital products are vulnerability-free, transparent, and vendor-supported throughout their life cycle, while also respectful with citizen’s digital rights and privacy. However, what will be the barriers and challenges for compliance and enforcement?

Device and software analysis methods—from formal methods to black-box testing—are essential for facilitating compliance at different stages of the product life cycle, but also for independent certification and enforcement as ECCS mandates. However, the rapid evolution and increasing complexity of new technologies and other socio-technical factors may add further challenges and barriers for compliance and enforcement. On the one hand, it is essential to understand whether regulatory requirements are realistic, unambiguous, and if they are completely misaligned with technology trends, manufacturers’ incentives and goals, and with users’ privacy and security awareness. For example, research evidence has shown that many developers do not fully comply with GDPR and COPPA requirements due to their dependency on obscure third-party components for development support and advertising, economic incentives, poor software engineering habits, or even lack of regulation awareness. On the other hand, we need to assess to which extent device and software analysis methods are fit for aiding developers and manufacturers in compliance, but also for independent certification and enforcement. Yet, current software and device analysis techniques (e.g., black-box testing) often over-simplify the complexity of digital products and present scalability and coverage limitations that prevent them from testing whether observed software properties comply with regulatory requirements at scale.

This Dagstuhl Seminar wants to unite a multidisciplinary group of tech and legal academics, industry actors and policy experts to holistically explore the complex landscape of research and socio-technical challenges for regulatory adoption and enforcement. These arise from developer practices and incentives, user awareness, and the feasibility of existing software analysis methods for certification and enforcement. By fostering multidisciplinary dialogue across communities that are often disconnected, this workshop aims to (1) shed light on pressing research challenges and barriers for adoption and enforcement of new tech laws; (2) promote cross-disciplinary research networks and collaboration in developing innovative solutions to strengthen digital security and resilience while preserving users’ rights, and (3) produce reports to inform the regulatory debate and future research agendas at the intersection of tech and policy.

Copyright Mila Dalla Preda, Serge Egelman, Anna Maria Mandalari, and Narseo Vallina-Rodriguez


  • Computers and Society
  • Cryptography and Security
  • Software Engineering

  • Digital Law and Policy
  • Usable security and transparency
  • Cybersecurity and Cyber-Resilience
  • Software Engineering and Secure Development
  • Software Analysis and Certification