Cyber law as a discipline saw some massive advances in 2019. The first significant element of 2019 was the determinant focus of sovereign governments to come up with strong national cyber security legislations andlegislative frameworks. Consequently, these countries started moving in the direction of trying to regulate cybersecurity. These regulations normally took two distinctive...
Cyber law as a discipline saw some massive advances in 2019. The first significant element of 2019 was the determinant focus of sovereign governments to come up with strong national cyber security legislations and
legislative frameworks. Consequently, these countries started moving in the direction of trying to regulate cyber
security. These regulations normally took two distinctive manifestations. The first manifestation was in the form
of specific legislations on cyber security while the second manifestation was in the form of soft legislation or policies on cyber security. In the first category of approaches, we found that many countries specifically legislated new cyber security laws. These included Thailand, which implemented its national cyber security law being Cyber Security Act of Thailand B.E. 2562 (2019) ("CSA"). In addition Macau, recognizing the importance of cyber security for the gaming ecosystem also came up with their national cyber security laws being Macau Cyber Security Law ("MCSL"). These laws, in their own distinctive manners, tend to regulate different aspects of cyber security and activities in the cyber security ecosystem and contributed to the evolving jurisprudence on cyber security law which is an emerging sub-discipline under the cyber law umbrella.
While these legislations sought to stipulate the rights, duties and responsibilities of various stakeholders, the fact also remains that these legislations were also being viewed as a vehicle for strengthening cyber sovereignty. No wonder cyber sovereignty as a concept got increasingly far more attention and focus from various national governments as they came up with distinctive legal provisions in their cyber security laws to protect and preserve national cyber
sovereignty. A number of these said legislations were very broadly drafted and using extremely wide language so
as to be more futuristic so as to enable the governments to effectively deal with newly emerging challenges in the
context of cyber security. A number of the said laws were also repeatedly criticized and targeted by activists who
believed that the said legislations became an instrument for potential misuse or for cracking down on civil liberties. Nonetheless, the aforesaid actions clearly underline the increasing significance of cyber security law as an emerging sub-discipline.
In the second category approach to regulating national cyber security, we found that different countries started coming up with and implementing the national cyber security policies. The said policies do not have the status of legislation, but embody mother policy statements and ideas stipulating the version of the countries concerned and how they are seeking to approach the complicated issues of cyber security. Further, we also saw different other countries coming up with their own subordinated legislation in the form of rules, regulations and guidelines on different aspects pertaining to cyber security protection.
The aforesaid approaches became more and more relevant, given the fact that cyber security breaches constantly kept on increasing in the year 2019.
Data breaches have run at a record pace in 2019. Consider these statistics for the first half of the year:
• 3,800: The number of publicly disclosed breaches.
• 4.1 billion: The number of records exposed.
• +54%: Increase in number of reported breaches vs. first six months of 2018.
The trend that developed in the year 2019 clearly showed that countries are beginning to bite the bullet on regulating cyber security as countries are beginning to increasingly realize the significance of cyber security and how the same has a direct connection with national security.
Some countries reiterated their existing stands that their cyber security is a part of their national security and hence came up with holistic visions to deal with regulating cyber security.
The year 2019 was also the year for another remarkable development pertaining to Artificial Intelligence. The year 2019 had begun with a lot of skepticism on how artificial intelligence needed to be treated on a legal basis. However by the time the year came to an end, artificial intelligence law as a sub discipline of Cyber law already started emerging. Different stakeholders are working on different legal nuances impacting artificial intelligence. A lot of work and technological progress done on artificial intelligence in 2019 forced stakeholders to wake up to the need to come up with legal principles to govern Artificial Intelligence. The year 2019 saw various international stakeholders trying to come up with ethical principles and standards to govern artificial intelligence given the propensity of artificial intelligence to be manipulated by variety of external elements. IEEE had come up with its ethical standards being Ethically Aligned Design (EAD1e), "A Vision for Prioritizing Human Well-being with Autonomous and Intelligent Systems on AI. Further, ethical principles to govern AI were embodied in "Australia ethics framework for AI", "JSAI Ethical Guidelines" & "IBM ethical AI principles" with their principles entitled "Fairness", "Respect for Privacy" & "Do not harm". At the end of 2019, the Council of Europe, Council of ministers and committee of ministers appointed the ad hoc committee on AI (CAHAI) which is having the responsibility to come up with the regulatory framework to regulate AI at global level. This Ad hoc committee having a 2-year mandate, clearly has its task well defined.
Various stakeholders are also contributing in this regard. The Artificial Intelligence Law Hub created at New Delhi is researching on common legal principles to regulate Artificial Intelligence at the global level. By the time, the year 2019 came to a close, it became more imperative that the legal issues concerning artificial intelligence will have to be more seriously looked at, by all the stakeholders. This becomes more important since a lot of existing legal principles and jurisprudence may not be directly applicable to Artificial Intelligence. Artificial Intelligence is beginning to throw up new distinctive challenges which require new legal mindsets and new legal approaches. That's why Cyber law is increasingly seeing the emergence of a new subdiscipline, being Artificial Intelligence law. In the coming years, both cyber security and artificial intelligence will continue to be very important thrust areas in evolving Cyber law jurisprudence. I am confident that legal developments that have taken place in the year 2019 in these two thrust areas of Cyber law, will increasingly be consolidated and built upon for the development of further subsequent growth of cyber legal jurisprudence.
Disclaimer – The author Dr. Pavan Duggal, Advocate, Supreme Court of India, is an internationally renowned expert authority on Cyberlaw and Cybersecurity law. He has been acknowledged as one of the top four Cyber lawyers in the world. He is also the Chairman of International Commission on Cybersecurity Law. You can reach him at pavan@pavanduggal.com. More about Dr. Pavan Duggal is available at www.pavanduggal.com.