Platform governance under NIS2 and the Cyber Resilience Act: cybersecurity by design as social practice
Fabian Teichmann
LSE Research Online Documents on Economics from London School of Economics and Political Science, LSE Library
Abstract:
Platform governance is increasingly shaped by regulatory mandates that embed cybersecurity principles into the design and operation of digital services. This study examines how the European Union’s NIS2 Directive and proposed Cyber Resilience Act (CRA) institutionalize ‘cybersecurity-by-design’ within platform ecosystems, and how this shift is understood as a social practice. It outlines the key requirements these frameworks impose on online platforms, from risk management processes and secure development obligations to lifecycle vulnerability handling, and compares them with international approaches such as the US Executive Order 14028 and ISO 27001 standards. Drawing on sociological perspectives, including actor-network theory, Bourdieu’s theory of practice, and Science and Technology Studies, the study argues that cybersecurity-by-design constitutes not merely a technical mandate but a practice shaped by organizational cultures, power relations, and the circulation of knowledge among stakeholders. This argument is illustrated through case studies of the security challenges and compliance strategies of major platforms, emphasizing how law, technology, and social dynamics intersect. The discussion explores the opportunities and tensions involved in regulating platform security by design, including balancing control and trust, considering global governance implications, and addressing the influence of commercial incentives as described by surveillance capitalism. The study indicates that effective cybersecurity-by-design requires not only legal enforcement but also the active engagement of practitioner communities and users, making it a sociotechnical project embedded in a broader societal context.
Keywords: actor-network theory; Cyber Resilience Act; Cybersecurity-by-design; NIS2 Directive; platform governance; surveillance capitalism
JEL-codes: J01 R14
Pages: 14 pages
Date: 2026-01-06
New Economics Papers: this item is included in nep-pay and nep-reg
Published in Information, Communication and Society, 6, January, 2026. ISSN: 1369-118X
Downloads:
https://researchonline.lse.ac.uk/id/eprint/130856/ Open access version. (application/pdf)
Persistent link: https://EconPapers.repec.org/RePEc:ehl:lserod:130856