Pub Date: 2025-09-09. DOI: 10.1016/j.clsr.2025.106195
Yu Liu
Jurisdictional conflicts in SEP litigation have intensified as both SEP holders and implementers increasingly resort to antisuit injunctions (ASIs) and retaliatory anti-antisuit injunctions (AASIs). This article contends that a stricter interpretation of two particular requirements for granting ASIs—the “dispositive” and “vexatious or oppressive” requirements—offers the most viable short-term strategy for de-escalating this global procedural arms race. First, courts should resist the assumption that resolution of a breach of FRAND obligation claim necessarily disposes of foreign SEP infringement actions brought by the SEP holder. Second, the assessment of whether a foreign parallel proceeding is vexatious or oppressive should be grounded in the doctrine of forum non conveniens.
Title: Before the first shots are fired: A guide to granting antisuit injunctions in SEP litigation. Computer Law & Security Review, vol. 59, Article 106195.
Pub Date: 2025-09-09. DOI: 10.1016/j.clsr.2025.106186
Patrick Smieskol , Timo Jakobi , Max von Grafenstein
In an increasingly digitized world, personalization has emerged as a key mechanism for matching users with relevant content, advertisements, services, and other products. For personalization to work, typically, users' online behavior is tracked to create unique profiles about their individual behavior and interests. This process creates trade-offs between data collection and users' privacy concerns. These conflicts are regulated, amongst other laws, by the General Data Protection Regulation (GDPR) as well as the ePrivacy Directive. While the ePrivacy Directive requires the data controller to get the consent from data subjects for the setting of cookies through which data subjects can be tracked across different websites and even devices, the GDPR requires further user control and transparency with respect to the processing of such data, especially profiling, on which the personalization of content is based. However, plenty of research shows that, up to date, users do neither understand the effects of tracking technology on their online experience nor do they feel in control of their profiles created. As a consequence, users report helplessness and even fatalism instead of being able to effectively control tracking for personalization, even where controls are provided to the users. Based on the rich research on feedback design, we argue that for learning how to effectively control tracking and, as a consequence, personalization, users need effective feedback mechanisms to learn about the outcomes of their settings and evaluate their performance. One of the key elements for effectiveness of feedback in general are its situatedness and timeliness. In this paper we therefore address the question of how feedback mechanisms should be designed so that they enable users to make an effective decision for or against tracking and personalization. 
To this aim, we conducted in a first research phase 20 qualitative interviews to explore users' privacy expectations, what benefits of personalization they value and which risks they see and, most importantly, what controls do they think they should have? The results of this study suggested an immediate feedback mechanism. In a second phase, we therefore prototyped an on/off switch that users could use to enable or disable the personalisation of advertising and other content on a website and compare the results of the two settings. A preliminary evaluation confirms such a feedback mechanism as a promising approach for effective user control according to the data protection by design requirement in Art. 25 sect. 1 GDPR. If this mechanism were to be further developed and evaluated into an effective solution available on the market, it would represent the so-called state of the art, which would have to be considered by all data controllers in accordance with Art. 25 sect. 1 GDPR.
Title: From consent to control by closing the feedback loop: Enabling data subjects to directly compare personalized and non-personalized content through an On/Off toggle. Computer Law & Security Review, vol. 59, Article 106186.
Pub Date: 2025-09-08. DOI: 10.1016/j.clsr.2025.106167
Julien Cabay , Thomas Vandamme , Olivier Debeir
For the past few years, Intellectual Property (IP) Offices have provided their users the possibility to carry out searches in the Trade Mark (TM) public registries through image-search tools, powered by Artificial Intelligence (AI) technologies. Such tools allegedly alleviate the burden to identify similar figurative trade marks (TM), which is a crucial yet cumbersome task for TM proprietors, TM applicants and IP Offices. Amongst others, the European Union Intellectual Property Office (EUIPO) and the Benelux Office for Intellectual Property (BOIP) provide access to such tools, respectively developed in-house and by a private company. Yet, the inner functionings of those systems are unknown and their performances difficult to assess, which in turn raises many concerns, especially in light of the legal certainty rationale underlying the registration requirement of TM law. To address those concerns, we designed an experiment to benchmark and audit those tools. Using the case law from the EUIPO and the BOIP on opposition to TM registration, we evaluated the capacity of those tools to identify similarities between signs that possibly amount to a likelihood of confusion (LoC), the main trigger of TM law. Our findings show that the performances of those tools are poor, and that the black-box auditing is highly contingent and possibly elusive for many AI technologies used in the legal field. This suggests that black-box auditing is not suitable for Legal AIs, which should be subject to enhanced transparency obligations, possibly pursuant to the AI Act interpreted broadly.
Title: Looking through the crack in the black box: A comparative case law benchmark for auditing AI-Powered Trade Mark search engines. Computer Law & Security Review, vol. 59, Article 106167.
Pub Date: 2025-09-05. DOI: 10.1016/j.clsr.2025.106192
Chuyi Wei , Jingchen Zhao , Li Sun
China’s advancement in End-to-End Autonomous Driving (E2E AD) presents profound legal and regulatory challenges due to its “black box” nature and data dependency, rendering traditional frameworks inadequate. This paper argues for a tiered liability system, shifting responsibility to manufacturers with increasing vehicle autonomy. Additionally, it proposes an adaptive, multi-tiered, risk-stratified data governance model. Underpinning these proposals, robust transparency and explainability (XAI) are crucial for ensuring accountability and achieving effective regulatory alignment. These proposed frameworks offer critical insights for China and provide a practical and theoretical basis for other nations navigating AI governance in autonomous mobility.
Title: Achieving regulatory alignment for E2E autonomous driving in China: A framework for tort liability and data governance. Computer Law & Security Review, vol. 59, Article 106192.
Pub Date: 2025-09-05. DOI: 10.1016/j.clsr.2025.106181
Laura Aade
Social media commerce, defined as the direct selling of goods and services through social media, is emerging as a prominent business model in the platform economy. As social media platforms introduce e-commerce features, they are becoming what I call social marketplaces: a new category of online platforms found at the intersection of social networks and online marketplaces. This article examines how the Digital Services Act (DSA) protects consumers in relation to social media commerce, and what specific obligations it imposes on social marketplaces to increase transparency in online transactions. While the DSA does not explicitly address social media commerce, it indirectly applies through Section 4 which imposes obligations on ‘online platforms allowing consumers to conclude distance contracts with traders'. I argue that because social marketplaces fall within this category of online platforms, they are subject to the obligations laid down in Section 4 DSA, namely Article 30 DSA (traceability of traders), Article 31 DSA (compliance by design), and Article 32 DSA (right to information). This article critically analyses the application of these provisions to social marketplaces and examines their interaction with EU consumer laws. Based on the analysis, it identifies three shortcomings in the DSA’s approach to protecting consumers on social marketplaces: (i) regulatory complexity due to overlaps with the EU consumer acquis, (ii) interpretative ambiguity, as the DSA was not designed with social marketplaces in mind, and (iii) an enforcement gap specific to social media commerce. Rather than calling for new legislation, this article concludes that effective consumer protection on social marketplaces requires clarifying the interaction between legal instruments, interpreting existing provisions in light of evolving platform practices, and ensuring coordinated enforcement across relevant actors.
Title: The regulation of social media commerce under the DSA: A consumer protection perspective. Computer Law & Security Review, vol. 59, Article 106181.
Pub Date: 2025-09-04. DOI: 10.1016/j.clsr.2025.106191
Ryan Yang Wang , Sydney Forde , Ahmed Al Rawi , Erika Solis , Krishna Jayakar
This study offers the very first investigation of the global diffusion and convergence of domain name dispute resolution policies (NDRPs) by analyzing 34 policies adopted by country code top-level domains (ccTLDs) between 1999 and 2023. While prior research has largely focused on ICANN’s Uniform Dispute Resolution Policy (UDRP), this paper offers a novel cross-national comparison of NDRPs to evaluate textual convergence and underlying policy drivers. Combining qualitative content analysis with network-based similarity modeling, the study constructs a matrix representing pairwise textual similarity between policy documents. To account for network dependencies, we apply Multiple Regression Quadratic Assignment Procedures and generalized linear mixed models with beta regression. The analysis identifies key predictors of policy similarity, showing that countries with similar levels of government effectiveness and differing export intensities are more likely to share convergent policy texts. This suggests that policy convergence occurs not merely through regional or legal affinity, but through a combination of institutional alignment and economic asymmetry. Despite the decentralized and uncoordinated adoption of NDRPs globally, a substantially unified dispute resolution framework for domain names appears to be emerging.
Title: Textual convergence in national domain name dispute resolution regimes: a mixed-methods analysis of ccTLD arbitration policies. Computer Law & Security Review, vol. 59, Article 106191.
Pub Date: 2025-09-01. DOI: 10.1016/j.clsr.2025.106190
Stina Teilmann-Lock, Andrej Savin
The advent of generative AI raises profound questions about the ownership not only of data but also of data sets. European law has, in the main, sought to address these questions through the lens of copyright law in an attempt to address what the creative sector sees as a blatant theft of its work. While this approach has its merits, this paper suggests that key issues might be better dealt with using the AI Act of 2024. The Act has created an outline of a conceptual approach which we tentatively call “dataset law”. This is a more effective tool for dealing with violations at scale than copyright as it accents the inherent (economic and non-economic) value of data sets rather than on individual damage. Unfolding our argument in the article we also reflect on the fact that while this ex ante approach may appear novel in magnitude, it follows a pattern of innovative EU legal solutions in copyright and other areas.
Title: Beyond the AI-copyright wars: towards European dataset law? Computer Law & Security Review, vol. 58, Article 106190.
Pub Date: 2025-09-01. DOI: 10.1016/j.clsr.2025.106193
Nick Pantlin
This article tracks developments at the national level in key European countries in the area of IT and communications and provides a concise alerting service of important national developments. It is co-ordinated by Herbert Smith Freehills Kramer LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to complement the Journal's feature articles and briefing notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.
Pub Date: 2025-08-30. DOI: 10.1016/j.clsr.2025.106189
Gustavo Gil Gasiola
The risk-based approach of the AI Act (AIA) results in a complex normative structure, in which the applicable subset of rules for a specific AI system is determined by the general scope of application and the classification of the system into particular risk levels. A pyramid of risks, a widely accepted explanation of the risk-based approach proposed by the European Commission, fails to provide a comprehensive classification process and does not accurately reflect the risk levels (either directly or indirectly) recognized in the AIA or the relation between classification criteria. This paper proposes a corrective solution to rebuild the pyramid of risks. Given that each AI system must be classified into one risk level and the AIA assigns a specific subset of rules to each risk level, an adaptation of the Commission’s risk levels was necessary. Two types of exceptions are included in the list of prohibited AI practices, which significantly impact the classification process. The exception stricto sensu (in a strict sense) is the result of a balancing of interests, whereas the exception lato sensu (in a broader sense) is due to the absence of excessive regulatory risks. The transparency requirements, identified by the pyramid as a “limited-risk level,” operate in parallel with the risk-based approach and do not constitute an independent risk level. Furthermore, as the AIA assigns a specific subset of rules to AI systems used in critical areas that do not pose significant risks, it is necessary to recognize a separate risk level (non-high risk). By analyzing the pyramid of risks, this study suggests representing the classification process as a binary decision diagram. This ensures that the risk-based approach is clearly defined and can help regulators and regulatees classify AI systems in accordance with the AIA.
Title: Rebuilding the pyramid: The AI Act’s risk-based approach using a binary decision diagram. Computer Law & Security Review, vol. 58, Article 106189.
Pub Date: 2025-08-28. DOI: 10.1016/j.clsr.2025.106188
Nynke Elske Vellinga, Ekaterina Hailevich
Data is becoming ever more important in the mobility sectors, as the European Mobility Data Space is further taking shape. The legislative framework for the European Mobility Data Space is, however, complex. In this paper, we examine the legislation applicable to the European Mobility Data Space and the main obligations of stakeholders derived from the different legal instruments. We map the relevant legal instruments for the European Mobility Data Space. Thereby, the fragmentation of this legal framework is highlighted, in addition to the strong emphasis on the protection of personal data throughout this fragmented legal landscape.
Title: The legal framework for sharing mobility data: on the road to an EU mobility data space. Computer Law & Security Review, vol. 58, Article 106188.