The article focuses on the obligations imposed on private subjects under cybersecurity regulations and examines their implications for private international law. These obligations are addressed from a top-down perspective, taking into account multilateral negotiations within the UN system as well as the EU and Italian legal frameworks. While the former have refrained from establishing binding obligations for private entities, emphasising the role of public-private cooperation, the EU has imposed concrete risk-management and reporting duties on strategic private players, most recently through Directive 2022/2555 (NIS2). The Italian implementing instruments of NIS2 interact with the National Cybersecurity Perimeter framework, which subjects designated entities to procurement restrictions. These constraints, coupled with the confidentiality regime surrounding the entire matter, may (at least in abstract terms) give rise to culpa in contrahendo claims, for example when contractual negotiations between an operator of a strategic national infrastructure and its counterparty for the purchase of goods or services are interrupted due to a governmental prohibition. This scenario is analysed through the lens of private international law, assessing the competent jurisdiction and applicable law. Nonetheless, it is argued that the fulfilment of a legal duty aimed at safeguarding national security is likely to exclude pre-contractual liability.
Navigating private obligations in cybersecurity: Perspectives from Private International Law / Argentini, Marco. - In: QUESTIONS OF INTERNATIONAL LAW. - ISSN 2284-2969. - 110:(2025), pp. 47-70.
Navigating private obligations in cybersecurity: Perspectives from Private International Law
Marco Argentini
2025
| File | Size | Format |
|---|---|---|
| (2025) ARGENTINI, Navigating private obligations in cybersecurity Perspectives from Private International Law.pdf (open access). Description: ARGENTINI, Navigating private obligations in cybersecurity Perspectives from Private International Law. Type: Publisher's version (PDF). License: Public domain. | 309.11 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


