Abstract
Under European Union law, software, the defining asset class of the twenty-first century, carries broad rights. It is subject to only a limited and fragmented set of responsibilities or obligations in relation to quality generally and security in particular. Other than in respect of select situations where software may pose a danger to consumers, there is no generally recognised expectation of security when procuring software. In most cases this means that security must be pursued deliberately and relies on custom contractual arrangements for enforcement. In this chapter we discuss a selection of existing and leading EU regulatory initiatives that deal with software and its security. The core of the paper is a discussion and analysis of norms in the GDPR relevant for software and security. We highlight how these different initiatives leave significant gaps in the governance of security for the information society, and how this may be problematic.
Original language | English |
---|---|
Title of host publication | Legal Developments in Cybersecurity and Related fields |
Editors | Francisco António Carneiro Pacheco de Andrade, Pedro Miguel Fernandes Freitas, Joana Rita de Sousa Covelo de Abreu |
Publisher | Springer Nature |
Pages | 131-144 |
Number of pages | 14 |
ISBN (Electronic) | 9783031418204 |
ISBN (Print) | 9783031418198, 9783031418228 |
Publication status | Published - 2024 |
Publication series
Name | Law, Governance and Technology Series |
---|---|
Publisher | Springer |
Volume | 60 |
ISSN (Print) | 2352-1902 |
ISSN (Electronic) | 2352-1910 |
Bibliographical note
Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
Keywords
- GDPR
- Security norms
- Software quality