The CEPIS Legal and Security Issues (LSI) expert group brings together experts from CEPIS Member Societies to provide independent professional expertise on IT-related legislation and cybersecurity issues.

The group’s main activities are developing, discussing and promoting CEPIS opinions on current cybersecurity issues and communicating them to the relevant institutions. The group also actively participates in other cybersecurity-related organisations, such as ENISA and ECSO.


CEPIS against total surveillance of digital communications in the EU (2021)

The Legal and Security Issues (LSI) expert group has produced a statement opposing the European Commission’s plans to oblige communication services providers (e-mail, messaging, video conferencing, etc.) to monitor all content, even if it is encrypted.

The regulation is pre-announced to be published before the end of 2021 or soon after. CEPIS firmly rejects this plan.

CEPIS urges the European Commission, the European Parliament and the governments of the EU member states to prevent this serious and far-reaching violation of fundamental rights. The European Parliament, in particular, is called upon to take immediate and decisive action against the Commission’s plans that are damaging to our community.

Letter to the European Commission: Concerning the Anticipated acquisition by Nvidia of Arm’s Intellectual Property Group business (2021)

CEPIS’ Legal and Security Issues Special Interest Network (LSI SIN) has submitted a letter to the Executive Vice-President for A Europe Fit for the Digital Age and Competition Margrethe Vestager and the Commissioner for Internal Market Thierry Breton about the anticipated acquisition of Arm’s Intellectual Property Group business by Nvidia.

The group has analysed the situation and has found serious reasons for concerns, that are presented in more detail in the attachment.

Statement: Right to Encryption Instead of a Master Key For Encrypted Communication (2020)

CEPIS’ Legal and Security Issues Special Interest Network (LSI SIN) calls for the rejection of a planned resolution in the Council of Ministers, which would grant authorities special access to encrypted communication between EU citizens. The special access, or ‘master key’, will weaken end-to-end encryption, and endangers digitisation in Europe, the LSI network warns. For this reason, the LSI Network and CEPIS call on the German Federal Government as the current Council Chair, the European Commission, and the European Parliament to vehemently oppose this proposal to weaken end-to-end encryption and instead advocate a European “right to encryption”.

Open letter on E-evidence Regulation: CEPIS calls for no direct cross-border access to personal data (2020)

The European Commission’s draft proposal for a Regulation on cross-border access to electronic evidence in criminal matters includes enabling law enforcement authorities of a Member State (issuing state) to directly oblige providers established in another Member State (enforcing state) to disclose metadata and content data of their customers.

The CEPIS LSI SIN has drafted an open letter which strongly warns against this initiative. The proposal deprives states of the ability to protect the fundamental rights of their citizens. It undermines European data protection law and threatens to damage the existing international system of mutual legal assistance in criminal matters. Only two years after the deadline for implementing the European investigation order, it has not been clarified whether there are any gaps in cross-border criminal prosecution.

CEPIS signs open letter to EU Commissioners on Deep Packet Inspection (2019)

Internet access service providers are increasingly using Deep Packet Inspection (DPI) technology for traffic management and differentiated pricing of specific services or applications as part of their product design. DPI inspects in detail the data being sent over a computer network and blocks, rerouts or logs data according to necessity. Most often users are not consulted or informed about the use of DPI.
That is why an open letter to the European Commission was initiated by EDRi and Another 12 organisations from all over Europe signed the letter in support. These concerns align with those of CEPIS. On the initiative of the LSI SIN, CEPIS has added its voice to the signatories of this letter.

Previous statements

CEPIS LSI SIN has produced many reports and policy papers in the past on the following subjects. Should you be interested in any of them, please kindly contact the CEPIS Secretariat.

  • CEPIS calls for really secure ICT hardware and software in Europe (2018)
  • CEPIS Comments on New regulation on European Union Network and Information Security Agency (ENISA) (2018)
  • Best Practices for a journey towards secure cyberspace (2018)
  • Critical technological dependency requires a revised privacy policy of major service providers (2016)
  • Report on the EU Cloud Security Workshop: Building Trust in Cloud Services – Certification and Beyond (2016)
  • Position on the Electronic identification and trust services (eIDAS) (2015)
  • Statement on Supporting High-level Decision Making on Cyber Security and Privacy Protection with Reliable Data (2014)
  • Assisting EU Citizens with Reliable ICT Security Information (2013)
  • Statement on the Future EU Data Protection Regulation (2013)
  • Cloud Computing Security and Privacy Statement (2011)
  • Letter of support on data protection in the framework of police and judicial cooperation in criminal matters to the European Data Protection Supervisor Peter Hustinx (2009)
  • Privacy-Consistent Banking Acquisition Statement (2009)
  • Social Networks – Problems of Security and Data Privacy (2008)
  • Position paper on data retention (2007)
  • Authentication approaches for on-line banking (2007)


Why not keep up to date with all our latest news and events?