Skip to main content

About the CDSL



CDSL, a part of LSTS, aims to explore all legal aspects of cybersecurity and information security. The regulatory response to cybersecurity and information security has come forcefully to the fore, following the exponential increase in importance of the fields it intends to regulate. The digitisation of practically all human activities inevitably raises an important question of security: Same as in the real world, digital activities need to take place within a safe, secure and trustworthy environment.

However, the notion of security being intrinsically connected with national sovereignty as well as individual autonomy and freedom, its exact content differs substantially across the globe. This in turn affects public perceptions and expectations related to it, ultimately influencing the regulatory response per se.

CDSL aims to promote understanding and knowledge on all legal aspects of cybersecurity and information security through research that assesses actual regulatory responses and policy-making options against challenges posed by technological advances and social requirements within the global environment. 

In order to do so CDSL:

  • carries out academic research on all legal aspects of cybersecurity and information security at EU, EU Member State, and international level;
  • carries out funded research for EU, national and international organisations;
  • provides advice and guidance both on compliance with applicable regulatory framework;
  • explores policy options and participates in law-making processes within its fields of expertise;
  • participates and promotes international dialogue and understanding as well as knowledge transfer.

CDSL was established in 2018. It is part of the Research Group on Law, Science, Technology & Society (LSTS) at the Faculty of Law of Vrije Universiteit Brussel (VUB), Belgium. ìt is run by a Steering Committee, a Coordinator and Researchers, all assisted by its Scientific Committee.




CDSL’s scope of work includes all legal aspects of cybersecurity and information security, namely:

⁃    Cybersecurity;
⁃    Cyberwar and cyberdefence;
⁃    Cybercrime;
⁃    Information security;
⁃    State and national security;
⁃    Law enforcement and criminal justice.

To a large extent the above fields include or are related to the processing of personal information. Within the EU such processing falls under basic EU data protection law, both horizontal (the Police and Criminal Justice Data Protection Directive, the General Data Protection Regulation, and Regulation (EU) 2018/1725) and sectoral (processing carried out by EU and Member States' law enforcement agencies and bodies, such as Europol, Eurojust, Frontex etc.). CDSL has a particularly strong record on data privacy law, benefiting from its relationship with VUB's LSTS, that has been particularised and aimed specifically at security- and law enforcement-related personal data processing.