Un approccio pratico di ‘legal design’: la Guida al regolamento UE Cyber Resilience Act. Metodo, obiettivi ed impatti

Authors

  • Pier Giorgio Chiara
  • Geordie Morciano
  • Alessandro Vannini
  • Raffaella Brighi
  • Marco Prandini

DOI:

https://doi.org/10.32091/RIID0253

Keywords:

Legal design, Cybersecurity, Cyber Resilience Act, EU law, Multidisciplinary research

Abstract

A practical legal design approach: the Guide to the EU Regulation Cyber Resilience Act. Methodology, goals and impacts
This article outlines the multidisciplinary work behind the ‘Guide to the EU Cyber Resilience Act: a legal-design approach’ project, with a particular emphasis on its methodology, objectives, and expected impacts. The Guide aims to clarify the application of EU Regulation 2024/2847 (Cyber Resilience Act, CRA). To lower the high technical-legal complexity of the CRA, the Guide employs an innovative approach that integrates legal design principles with technical expertise, encompassing both IT and legal aspects, in the cybersecurity field. The CRA’s complex provisions and mechanisms are translated into processes that are more accessible to those required to implement them, thereby reducing the risk of misinterpretation during compliance planning and implementation phases.

Author Biographies

  • Pier Giorgio Chiara

    Department of Legal Sciences at the University of Bologna

  • Geordie Morciano

    Legal innovation specialist

  • Alessandro Vannini

    Department of Computer Science and Engineering at the University of Bologna

  • Raffaella Brighi

    Department of Legal Sciences at the University of Bologna

  • Marco Prandini

    Department of Computer Science and Engineering at the University of Bologna

Published

2025-12-10

Section

Systems and applications

How to Cite

[1]
Chiara, P.G. et al. 2025. Un approccio pratico di ‘legal design’: la Guida al regolamento UE Cyber Resilience Act. Metodo, obiettivi ed impatti. Rivista italiana di informatica e diritto. 7, 2 (Dec. 2025), 22. DOI:https://doi.org/10.32091/RIID0253.