{"title":"医疗设备的网络安全:人工智能法案和NIS 2指令提案带来的新挑战。","authors":"Elisabetta Biasin, Erik Kamenjašević","doi":"10.1365/s43439-022-00054-x","DOIUrl":null,"url":null,"abstract":"<p><p>Cyberattacks on the IT infrastructure of hospitals, electronic health records or medical devices that have taken place during the COVID-19 pandemic reaffirmed how crucial it is to ensure cybersecurity in the healthcare sector. Medical devices are regulated in the European Union (EU) through vertical product-specific legislation, such as the Medical Device Regulation (MDR), among others. The MDR foresees safety requirements implying cybersecurity obligations for medical device manufacturers. In 2021, the EU legislator put forward the Network and Information Security System Directive reform (NIS 2) and the Artificial Intelligence Act (AIA) proposal, containing additional cybersecurity requirements applicable to medical devices. This article analyses how the new reforms interact with the existing legislation from a cybersecurity perspective. The research finds that parallel provision of analogous cybersecurity requirements (especially on notification requirements) could lead to regulatory overlapping, fragmentation, and uneven levels of protection of individuals in the EU internal market. In the \"Recommendations and conclusions\", the article provides policy recommendations to the EU legislator to help mitigate these risks.</p>","PeriodicalId":73412,"journal":{"name":"International cybersecurity law review","volume":"3 1","pages":"163-180"},"PeriodicalIF":0.0000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9108685/pdf/","citationCount":"7","resultStr":"{\"title\":\"Cybersecurity of medical devices: new challenges arising from the AI Act and NIS 2 Directive proposals.\",\"authors\":\"Elisabetta Biasin, Erik Kamenjašević\",\"doi\":\"10.1365/s43439-022-00054-x\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p><p>Cyberattacks on the IT infrastructure of hospitals, electronic health records or medical devices that have taken place during the COVID-19 pandemic reaffirmed how crucial it is to ensure cybersecurity in the healthcare sector. Medical devices are regulated in the European Union (EU) through vertical product-specific legislation, such as the Medical Device Regulation (MDR), among others. The MDR foresees safety requirements implying cybersecurity obligations for medical device manufacturers. In 2021, the EU legislator put forward the Network and Information Security System Directive reform (NIS 2) and the Artificial Intelligence Act (AIA) proposal, containing additional cybersecurity requirements applicable to medical devices. This article analyses how the new reforms interact with the existing legislation from a cybersecurity perspective. The research finds that parallel provision of analogous cybersecurity requirements (especially on notification requirements) could lead to regulatory overlapping, fragmentation, and uneven levels of protection of individuals in the EU internal market. In the \\\"Recommendations and conclusions\\\", the article provides policy recommendations to the EU legislator to help mitigate these risks.</p>\",\"PeriodicalId\":73412,\"journal\":{\"name\":\"International cybersecurity law review\",\"volume\":\"3 1\",\"pages\":\"163-180\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9108685/pdf/\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International cybersecurity law review\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1365/s43439-022-00054-x\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"2022/5/16 0:00:00\",\"PubModel\":\"Epub\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International cybersecurity law review","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1365/s43439-022-00054-x","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2022/5/16 0:00:00","PubModel":"Epub","JCR":"","JCRName":"","Score":null,"Total":0}
Cybersecurity of medical devices: new challenges arising from the AI Act and NIS 2 Directive proposals.
Cyberattacks on the IT infrastructure of hospitals, electronic health records or medical devices that have taken place during the COVID-19 pandemic reaffirmed how crucial it is to ensure cybersecurity in the healthcare sector. Medical devices are regulated in the European Union (EU) through vertical product-specific legislation, such as the Medical Device Regulation (MDR), among others. The MDR foresees safety requirements implying cybersecurity obligations for medical device manufacturers. In 2021, the EU legislator put forward the Network and Information Security System Directive reform (NIS 2) and the Artificial Intelligence Act (AIA) proposal, containing additional cybersecurity requirements applicable to medical devices. This article analyses how the new reforms interact with the existing legislation from a cybersecurity perspective. The research finds that parallel provision of analogous cybersecurity requirements (especially on notification requirements) could lead to regulatory overlapping, fragmentation, and uneven levels of protection of individuals in the EU internal market. In the "Recommendations and conclusions", the article provides policy recommendations to the EU legislator to help mitigate these risks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
