The cybersecurity and AI nexus in the EU digital acquis

This paper explores the interplay between cybersecurity and artificial intelligence within the European Union’s digital legislation. While cybersecurity has been seen as a tool to safeguard data protection, its emerging role suggests a broader regulatory ambition. The analysis investigates whether cybersecurity, as framed in the AI Act, may be transitioning toward a more autonomous legal status, possibly akin to a fundamental right. Through a doctrinal and normative assessment, the paper examines the tripartite role cybersecurity plays in the AI Act—as a non-functional requirement, a criterion for conformity assessment, and an organizational measure. Despite frequent references to cybersecurity and its conceptual proximity to data protection, the AI Act ultimately treats it within the confines of product safety legislation. The findings suggest that although cybersecurity is essential for AI system governance, its recognition as a fundamental right remains aspirational within the current EU legal landscape.