{"id":"https://openalex.org/W7125511414","doi":"https://doi.org/10.1016/j.infsof.2026.108033","title":"Uncovering challenges of cybersecurity cross-regulation in EU legislation","display_name":"Uncovering challenges of cybersecurity cross-regulation in EU legislation","publication_year":2026,"publication_date":"2026-01-23","ids":{"openalex":"https://openalex.org/W7125511414","doi":"https://doi.org/10.1016/j.infsof.2026.108033"},"language":"en","primary_location":{"id":"doi:10.1016/j.infsof.2026.108033","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.infsof.2026.108033","pdf_url":null,"source":{"id":"https://openalex.org/S205010575","display_name":"Information and Software Technology","issn_l":"0950-5849","issn":["0950-5849","1873-6025"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information and Software Technology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1016/j.infsof.2026.108033","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5033220404","display_name":"Daniele Canavese","orcid":"https://orcid.org/0000-0002-4265-7743"},"institutions":[{"id":"https://openalex.org/I4210095637","display_name":"Superconducting and other Innovative Materials and Devices Institute","ror":"https://ror.org/00p03yg71","country_code":"IT","type":"facility","lineage":["https://openalex.org/I4210095637","https://openalex.org/I4210155236"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Daniele Canavese","raw_affiliation_strings":["CNR-IMATI, Via de Marini 6, Genoa, 16149, Italy"],"raw_orcid":"https://orcid.org/0000-0002-4265-7743","affiliations":[{"raw_affiliation_string":"CNR-IMATI, Via de Marini 6, Genoa, 16149, Italy","institution_ids":["https://openalex.org/I4210095637"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123689339","display_name":"Afonso Ferreira","orcid":null},"institutions":[{"id":"https://openalex.org/I1294671590","display_name":"Centre National de la Recherche Scientifique","ror":"https://ror.org/02feahw73","country_code":"FR","type":"government","lineage":["https://openalex.org/I1294671590"]},{"id":"https://openalex.org/I134560555","display_name":"Universit\u00e9 Toulouse III - Paul Sabatier","ror":"https://ror.org/02v6kpv12","country_code":"FR","type":"education","lineage":["https://openalex.org/I134560555"]},{"id":"https://openalex.org/I3131550300","display_name":"Universit\u00e9 Toulouse-I-Capitole","ror":"https://ror.org/0443n9e75","country_code":"FR","type":"education","lineage":["https://openalex.org/I3131550300"]},{"id":"https://openalex.org/I4210119061","display_name":"Institut de Recherche en Informatique de Toulouse","ror":"https://ror.org/01rx4qw44","country_code":"FR","type":"facility","lineage":["https://openalex.org/I1294671590","https://openalex.org/I205747304","https://openalex.org/I205747304","https://openalex.org/I4210119061","https://openalex.org/I4387153255","https://openalex.org/I4405258862","https://openalex.org/I4405258862"]},{"id":"https://openalex.org/I4210152422","display_name":"Universit\u00e9 Toulouse - Jean Jaur\u00e8s","ror":"https://ror.org/04ezk3x31","country_code":"FR","type":"education","lineage":["https://openalex.org/I4210152422","https://openalex.org/I4405258862"]},{"id":"https://openalex.org/I4210160189","display_name":"Institut Polytechnique de Bordeaux","ror":"https://ror.org/054qv7y42","country_code":"FR","type":"education","lineage":["https://openalex.org/I4210160189"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Afonso Ferreira","raw_affiliation_strings":["CNRS-IRIT, 118 Route de Narbonne, Toulouse, 31062, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CNRS-IRIT, 118 Route de Narbonne, Toulouse, 31062, France","institution_ids":["https://openalex.org/I4210152422","https://openalex.org/I1294671590","https://openalex.org/I134560555","https://openalex.org/I4210119061","https://openalex.org/I3131550300","https://openalex.org/I4210160189"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073177074","display_name":"Liina Kamm","orcid":"https://orcid.org/0000-0003-1479-2195"},"institutions":[{"id":"https://openalex.org/I4210160054","display_name":"Cybernetica (Estonia)","ror":"https://ror.org/054gqc795","country_code":"EE","type":"company","lineage":["https://openalex.org/I4210160054"]}],"countries":["EE"],"is_corresponding":false,"raw_author_name":"Liina Kamm","raw_affiliation_strings":["Cybernetica AS, M\u00e4ealuse 2/1, Tallinn, 12618, Estonia"],"raw_orcid":"https://orcid.org/0000-0003-1479-2195","affiliations":[{"raw_affiliation_string":"Cybernetica AS, M\u00e4ealuse 2/1, Tallinn, 12618, Estonia","institution_ids":["https://openalex.org/I4210160054"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5123649556","display_name":"Adrian Quesada Rodriguez","orcid":null},"institutions":[{"id":"https://openalex.org/I121748325","display_name":"Universidad Complutense de Madrid","ror":"https://ror.org/02p0gd045","country_code":"ES","type":"education","lineage":["https://openalex.org/I121748325"]},{"id":"https://openalex.org/I4210088449","display_name":"HES-SO Gen\u00e8ve","ror":"https://ror.org/007gfwn20","country_code":"CH","type":"education","lineage":["https://openalex.org/I173439891","https://openalex.org/I4210088449"]},{"id":"https://openalex.org/I88060688","display_name":"Universidad Polit\u00e9cnica de Madrid","ror":"https://ror.org/03n6nwv02","country_code":"ES","type":"education","lineage":["https://openalex.org/I88060688"]}],"countries":["CH","ES"],"is_corresponding":false,"raw_author_name":"Adrian Quesada Rodriguez","raw_affiliation_strings":["Mandat International, Avenue de S\u00e9cheron 15, Gen\u00e8ve, 1202, Switzerland","Universidad Polit\u00e9cnica de Madrid, Avenida Complutense, 30, 28040 Madrid, Espa\u00f1a, Spain"],"raw_orcid":"https://orcid.org/0000-0003-0351-2346","affiliations":[{"raw_affiliation_string":"Mandat International, Avenue de S\u00e9cheron 15, Gen\u00e8ve, 1202, Switzerland","institution_ids":["https://openalex.org/I4210088449"]},{"raw_affiliation_string":"Universidad Polit\u00e9cnica de Madrid, Avenida Complutense, 30, 28040 Madrid, Espa\u00f1a, Spain","institution_ids":["https://openalex.org/I88060688","https://openalex.org/I121748325"]}]}],"institutions":[],"countries_distinct_count":5,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5033220404"],"corresponding_institution_ids":["https://openalex.org/I4210095637"],"apc_list":{"value":3350,"currency":"USD","value_usd":3350},"apc_paid":{"value":3350,"currency":"USD","value_usd":3350},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.13298852,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"193","issue":null,"first_page":"108033","last_page":"108033"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.4596000015735626,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.4596000015735626,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T13295","display_name":"Safety Systems Engineering in Autonomy","score":0.14319999516010284,"subfield":{"id":"https://openalex.org/subfields/2213","display_name":"Safety, Risk, Reliability and Quality"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.07580000162124634,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/resilience","display_name":"Resilience (materials science)","score":0.6240000128746033},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6080999970436096},{"id":"https://openalex.org/keywords/legislation","display_name":"Legislation","score":0.4724999964237213},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.44279998540878296},{"id":"https://openalex.org/keywords/drone","display_name":"Drone","score":0.4350000023841858},{"id":"https://openalex.org/keywords/european-union","display_name":"European union","score":0.4350000023841858},{"id":"https://openalex.org/keywords/interoperability","display_name":"Interoperability","score":0.43459999561309814},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.373199999332428}],"concepts":[{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.6240000128746033},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6080999970436096},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5537999868392944},{"id":"https://openalex.org/C2777351106","wikidata":"https://www.wikidata.org/wiki/Q49371","display_name":"Legislation","level":2,"score":0.4724999964237213},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.45969998836517334},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.44279998540878296},{"id":"https://openalex.org/C59519942","wikidata":"https://www.wikidata.org/wiki/Q650665","display_name":"Drone","level":2,"score":0.4350000023841858},{"id":"https://openalex.org/C2910001868","wikidata":"https://www.wikidata.org/wiki/Q458","display_name":"European union","level":2,"score":0.4350000023841858},{"id":"https://openalex.org/C20136886","wikidata":"https://www.wikidata.org/wiki/Q749647","display_name":"Interoperability","level":2,"score":0.43459999561309814},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.40779998898506165},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.4000999927520752},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.373199999332428},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.3366999924182892},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.3215999901294708},{"id":"https://openalex.org/C79581498","wikidata":"https://www.wikidata.org/wiki/Q1367530","display_name":"Suite","level":2,"score":0.3061000108718872},{"id":"https://openalex.org/C110354214","wikidata":"https://www.wikidata.org/wiki/Q6314146","display_name":"Engineering management","level":1,"score":0.2994000017642975},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.29280000925064087},{"id":"https://openalex.org/C2781460075","wikidata":"https://www.wikidata.org/wiki/Q1399332","display_name":"Compliance (psychology)","level":2,"score":0.2847000062465668},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.2766999900341034},{"id":"https://openalex.org/C80958533","wikidata":"https://www.wikidata.org/wiki/Q1047174","display_name":"Audit trail","level":3,"score":0.27059999108314514},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.26930001378059387},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.2680000066757202},{"id":"https://openalex.org/C54534927","wikidata":"https://www.wikidata.org/wiki/Q4462275","display_name":"Software requirements","level":5,"score":0.2676999866962433},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.26440000534057617},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.25459998846054077},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.2522999942302704}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1016/j.infsof.2026.108033","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.infsof.2026.108033","pdf_url":null,"source":{"id":"https://openalex.org/S205010575","display_name":"Information and Software Technology","issn_l":"0950-5849","issn":["0950-5849","1873-6025"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information and Software Technology","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1016/j.infsof.2026.108033","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.infsof.2026.108033","pdf_url":null,"source":{"id":"https://openalex.org/S205010575","display_name":"Information and Software Technology","issn_l":"0950-5849","issn":["0950-5849","1873-6025"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information and Software Technology","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1396628835","display_name":null,"funder_award_id":"101168144","funder_id":"https://openalex.org/F4320334322","funder_display_name":"HORIZON EUROPE Framework Programme"},{"id":"https://openalex.org/G3255061298","display_name":null,"funder_award_id":"101086308","funder_id":"https://openalex.org/F4320334322","funder_display_name":"HORIZON EUROPE Framework Programme"}],"funders":[{"id":"https://openalex.org/F4320320883","display_name":"Agence Nationale de la Recherche","ror":"https://ror.org/00rbzpz17"},{"id":"https://openalex.org/F4320321976","display_name":"Haridus- ja Teadusministeerium","ror":"https://ror.org/051aqjh92"},{"id":"https://openalex.org/F4320322892","display_name":"Centre National de la Recherche Scientifique","ror":"https://ror.org/02feahw73"},{"id":"https://openalex.org/F4320324215","display_name":"Conseil National de la Recherche Scientifique","ror":"https://ror.org/00x9ewr78"},{"id":"https://openalex.org/F4320334322","display_name":"HORIZON EUROPE Framework Programme","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":7,"referenced_works":["https://openalex.org/W4223605145","https://openalex.org/W4307983286","https://openalex.org/W4323530307","https://openalex.org/W4406754779","https://openalex.org/W4407880928","https://openalex.org/W4414443888","https://openalex.org/W7117677744"],"related_works":[],"abstract_inverted_index":{"The":[0],"European":[1,217],"Union":[2],"has":[3],"recently":[4],"introduced":[5],"a":[6,51,79,86,94,134,141,224,229],"suite":[7],"of":[8,35,73,88],"foundational":[9],"digital":[10,218],"regulations\u2014the":[11],"Cyber":[12],"Resilience":[13],"Act,":[14,18],"the":[15,19,23,28,33,61,70,101,216,237],"Artificial":[16],"Intelligence":[17],"Radio":[20],"Equipment":[21],"Directive,":[22,26],"NIS":[24],"2":[25],"and":[27,45,64,90,99,127,154,174,200,251],"Cybersecurity":[29],"Act\u2014that":[30],"directly":[31],"affect":[32],"engineering":[34,81,136,231],"software-intensive":[36],"systems.":[37,191],"While":[38],"these":[39],"instruments":[40],"aim":[41],"to":[42,84,130,207,228],"enhance":[43],"trust":[44],"security,":[46],"their":[47,108,117],"overlapping":[48],"scopes":[49],"generate":[50],"complex":[52],"compliance":[53,205,222,234],"landscape":[54,219],"that":[55,145,184,215],"software":[56,80,210,238],"development":[57,239],"must":[58],"address":[59],"at":[60],"design,":[62,153],"implementation,":[63],"deployment":[65],"stages.":[66],"This":[67],"paper":[68],"examines":[69],"cross-regulatory":[71],"impact":[72],"such":[74],"EU":[75],"cybersecurity":[76],"legislation":[77],"from":[78,124,223],"perspective,":[82],"aiming":[83],"provide":[85],"set":[87],"guidelines":[89],"recommendations":[91,196],"for":[92,197],"implementing":[93],"compliance-by-design":[95,142],"approach.":[96,137],"We":[97,114,192],"analyse":[98],"compare":[100],"five":[102],"legal":[103,135],"instruments,":[104],"focusing":[105],"on":[106],"how":[107],"obligations":[109],"intersect":[110],"with":[111,194],"each":[112],"other.":[113],"then":[115],"translate":[116],"regulatory":[118,147,186,244],"requirements":[119,150],"into":[120,149,236],"actionable":[121],"artefacts,":[122],"ranging":[123],"architectural":[125],"constraints":[126],"security":[128],"controls":[129],"organisational":[131],"processes,":[132],"using":[133],"Finally,":[138],"we":[139,159],"propose":[140],"lifecycle":[143,240],"pattern":[144],"integrates":[146],"alignment":[148,245],"engineering,":[151],"system":[152,249],"testing.":[155],"To":[156],"demonstrate":[157,183],"applicability,":[158],"evaluate":[160],"three":[161],"representative":[162],"use":[163],"cases:":[164],"an":[165,169,175,203],"AI-enabled":[166],"power":[167],"plant,":[168],"autonomous":[170],"drone":[171],"delivery":[172],"platform,":[173],"AI-powered":[176],"clinical":[177],"decision":[178],"support":[179],"system.":[180],"These":[181],"examples":[182],"multiple":[185],"regimes":[187],"often":[188],"govern":[189],"software-based":[190],"conclude":[193],"practical":[195],"suppliers,":[198],"deployers,":[199],"policymakers":[201],"towards":[202],"integrated":[204],"framework":[206],"promote":[208],"compliance-aware":[209],"engineering.":[211],"Our":[212],"findings":[213],"indicate":[214],"is":[220],"shifting":[221],"post-hoc":[225],"audit":[226],"exercise":[227],"design-time":[230],"principle.":[232],"Embedding":[233],"early":[235],"not":[241],"only":[242],"supports":[243],"but":[246],"also":[247],"improves":[248],"resilience":[250],"trustworthiness.":[252]},"counts_by_year":[],"updated_date":"2026-02-04T23:10:29.248076","created_date":"2026-01-24T00:00:00"}