Cybersecurity in Cloud Industry: Legal Obligations and Liabilities under European Regulations & Technological Advancements

Wasim Khraisha

doi:10.38146/bsz-ajia.2026.v74.i1.pp165-182

Évf. 74 szám 1 (2026), Tanulmányok

Évf. 74 szám 1 (2026)

Cybersecurity in Cloud Industry: Legal Obligations and Liabilities under European Regulations & Technological Advancements

Tanulmányok

Megjelent 2026-01-30

Wasim Khraisha⁺⁻

Wasim Khraisha

Károli Gáspár University of the Reformed Church in Hungary, Doctoral School of Law and Political Sciences

https://orcid.org/0009-0007-8867-9917

PDF

Kulcsszavak

Cloud Computing, Cybersecurity, Data Protection, GDPR

Hogyan kell idézni

Cybersecurity in Cloud Industry: Legal Obligations and Liabilities under European Regulations & Technological Advancements. (2026). Belügyi Szemle, 74(1), 165-182. https://doi.org/10.38146/bsz-ajia.2026.v74.i1.pp165-182

Absztrakt

Aim: This article examines the cybersecurity weaknesses associated with cloud computing and the relevant legal regulations within the European Union that address these issues. The topic looks into the responsibilities and legal issues surrounding cloud cybersecurity. It explains the roles of cloud actors, such as controllers and processors, and how contracts—such as Service Level Agreements (SLAs)—can help mitigate cybersecurity threats. Finally, the paper addresses the contemporary trends shaping cloud security, such as artificial intelligence (AI) and blockchain technology.

Methodology: This article utilizes a doctrinal legal analysis method, systematically reviewing relevant European regulations (GDPR, NIS2 Directive, Cybersecurity Act), contractual frameworks, and academic literature. Sources were selected based on their authority, relevance, and currency, focusing specifically on cybersecurity obligations, liability issues, and emerging technologies like AI and Blockchain. Through comparative analysis and synthesis, the research identifies key legal interpretations and technological impacts on cloud cybersecurity.

Findings: Ensuring cybersecurity in the cloud environment is possible, but it remains a complex task. It is a shared responsibility of the cloud parties. However, many gaps and challenges may still exist. That is why employing technological innovations would enhance the security levels in the cloud thanks to the capabilities they offer. Generally, when applied properly, these measures and techniques would improve the overall security of the cloud environment, leading to crucial legal and economic outcomes for the cloud stakeholders in the market.

Value: Recently, cloud-computing technology has been evolving as a general-purpose technology whose impact and adoption spans all sectors of the economy. Crucially, its overall cybersecurity is a pivotal concern. While regulations and technologies offer exciting potential pathways for detecting and proving cybersecurity threats and malicious behaviors in the cloud ecosystem, their deployment raises new legal and technical concerns. This article calls attention to the need for several cloud security requirements, such as pre-contractual risk assessments, improved regulatory effectiveness, and the establishment of credible cybersecurity certification systems. Ultimately, this contributes to enhancing the overall security of the cloud environment.

PDF

Hivatkozások

Carey, P. (2018). Data protection: A practical guide to UK and EU law (5th ed.). Oxford University Press.

Dagostino, G. (2019). Data security in cloud computing (1st ed.). Momentum Press.

Eryurek, E., Vladimirov, A., Kalyanasundaram, S., & Gupta, P. (2021). Data governance: The definitive guide. O’Reilly Media.

Geradin, D., Bania, K., Katsifis, D., & Circiumaru, A. (2022). The regulation of cloud computing: Getting it right. SSRN. https://doi.org/10.2139/ssrn.4285731

Hon, W. K. (2018). Cloud service providers under the NIS Directive: The UK’s implementation (with GDPR comparisons). SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3200149

Lynn, T., Mooney, J. G., van der Werff, L., & Fox, G. (szerk.). (2021). Data privacy and trust in cloud computing: Building trust in the cloud through assurance and accountability. Palgrave Macmillan. https://doi.org/10.1007/978-3-030-54660-1

McGillivray, K. (2022). Government cloud procurement. Cambridge University Press.

Millard, C. (2021). Cloud computing law. Oxford University Press.

Montagnani, M. L., & Cavallo, M. A. (2018). Cybersecurity and liability in a big data world. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3220475

Radu, B. (2015). Key aspects of cloud-computing services-related contracts. National Strategies Observer, 1(2). https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2787620

Rittinghouse, J. W., & Ransome, J. F. (2010). Cloud computing implementation, management, and security. CRC Press.

Roztocki, N., Soja, P., & Weistroffer, H. R. (2019). The role of information and communication technologies in socioeconomic development: Towards a multidimensional framework. Information Technology for Development, 25(2), 171–183. https://doi.org/10.1080/02681102.2019.1596654

Tsvilii, O. (2021). Cybersecurity regulation: Cybersecurity certification of operational technologies. Technology Audit and Production Reserves, 1(2(57)), 54–60. https://doi.org/10.15587/2706-5448.2021.225271

Vandezande, N. (2023). Cybersecurity in the EU: How the NIS2 Directive stacks up against its predecessor. SSRN. https://doi.org/10.2139/ssrn.4383118

Voigt, P., & von dem Bussche, A. (2017). The EU General Data Protection Regulation (GDPR): A practical guide. Springer.