The CEPIS Legal and Security Issues (LSI) expert group brings together experts from CEPIS Member Societies to provide independent professional expertise on IT-related legislation and cybersecurity issues.
The group’s main activities are developing, discussing and promoting CEPIS opinions on current cybersecurity issues and communicating them to the relevant institutions. The group also actively participates in other cybersecurity-related organisations, such as ENISA and ECSO.
The CEPIS Legal and Security Issues expert group is a specialized body within the Council of European Professional Informatics Societies (CEPIS). It focuses on addressing and providing guidance on legal and security challenges in the field of information technology.
The group, comprised of subject matter experts from several CEPIS Member Societies, works on producing position papers on relevant legislation, formulating CEPIS stances on key issues, and communicating these to EU institutions. It also aims to raise awareness about the importance of cybersecurity among its members and the general public. The group’s activities include addressing encryption policies, data protection, and overall digital security strategies. By fostering collaboration among IT professionals, legal experts, and policymakers, the group aims to enhance data protection, cybersecurity, and regulatory compliance, ultimately contributing to a safer and legally sound digital environment.
Interested in following the work of the LSI expert group? Sign up to the ‘Friends of LSI’ mailing list!
CEPIS welcomes the recent historic decision by the European Parliament to end the indiscriminate scanning of private digital communications, commonly known as “Chat Control.” With the interim regulation expiring, major tech companies must immediately halt mass surveillance of private messages for EU users.
CEPIS urges Members of the European Parliament to firmly defend the Parliament’s recent democratic decision to end untargeted mass scanning of private digital communications. CEPIS reiterates its strong opposition to the indiscriminate surveillance measures.
The Annual Privacy Forum (APF) 2026 has officially opened its call for papers, inviting researchers, policymakers, industry experts, and students to contribute to one of Europe’s leading events on privacy and data protection.
CEPIS welcomes the proposed changes in the new proposal that eliminate the mandatory nature of on-device CSAM detection. This significantly improves balancing the crucial protections for children online with the security and privacy risks for society as a whole. However, we are worried that other aspects of the new proposal still bring high risks to society without clear benefits for child protection.
The 13th Annual Privacy Forum (APF) 2025, of which CEPIS is a long-standing partner, will take place on 22–23 October 2025 at Goethe University Frankfurt am Main, Germany. The event, themed “Privacy Technologies and Policy,” will bring together leading experts, researchers, and practitioners to discuss the evolving challenges and innovations in data protection and privacy across Europe.
An open letter has been issued by scientists and researchers across Europe, expressing deep concerns over the EU’s latest proposal for child sexual abuse regulation, which mandates client-side scanning on encrypted messaging platforms to detect Child Sexual Abuse Material (CSAM).
The Legal and Security Issues (LSI) expert group has produced a statement opposing the European Commission’s plans to oblige communication services providers (e-mail, messaging, video conferencing, etc.) to monitor all content, even if it is encrypted.
The regulation is pre-announced to be published before the end of 2021 or soon after. CEPIS firmly rejects this plan.
CEPIS urges the European Commission, the European Parliament and the governments of the EU member states to prevent this serious and far-reaching violation of fundamental rights. The European Parliament, in particular, is called upon to take immediate and decisive action against the Commission’s plans that are damaging to our community.
CEPIS’ Legal and Security Issues Special Interest Network (LSI SIN) has submitted a letter to the Executive Vice-President for A Europe Fit for the Digital Age and Competition Margrethe Vestager and the Commissioner for Internal Market Thierry Breton about the anticipated acquisition of Arm’s Intellectual Property Group business by Nvidia.
The group has analysed the situation and has found serious reasons for concerns, that are presented in more detail in the attachment.
Read the letter PDF in browser
CEPIS’ Legal and Security Issues Special Interest Network (LSI SIN) calls for the rejection of a planned resolution in the Council of Ministers, which would grant authorities special access to encrypted communication between EU citizens. The special access, or ‘master key’, will weaken end-to-end encryption, and endangers digitisation in Europe, the LSI network warns. For this reason, the LSI Network and CEPIS call on the German Federal Government as the current Council Chair, the European Commission, and the European Parliament to vehemently oppose this proposal to weaken end-to-end encryption and instead advocate a European “right to encryption”.
Download the statement
The European Commission’s draft proposal for a Regulation on cross-border access to electronic evidence in criminal matters includes enabling law enforcement authorities of a Member State (issuing state) to directly oblige providers established in another Member State (enforcing state) to disclose metadata and content data of their customers.
The CEPIS LSI SIN has drafted an open letter which strongly warns against this initiative. The proposal deprives states of the ability to protect the fundamental rights of their citizens. It undermines European data protection law and threatens to damage the existing international system of mutual legal assistance in criminal matters. Only two years after the deadline for implementing the European investigation order, it has not been clarified whether there are any gaps in cross-border criminal prosecution.
View the letter PDF in browser
Internet access service providers are increasingly using Deep Packet Inspection (DPI) technology for traffic management and differentiated pricing of specific services or applications as part of their product design. DPI inspects in detail the data being sent over a computer network and blocks, rerouts or logs data according to necessity. Most often users are not consulted or informed about the use of DPI.
That is why an open letter to the European Commission was initiated by EDRi and epicenter.works. Another 12 organisations from all over Europe signed the letter in support. These concerns align with those of CEPIS. On the initiative of the LSI SIN, CEPIS has added its voice to the signatories of this letter.
CEPIS LSI expert group has produced many reports and policy papers in the past. Should you be interested in any of them, please kindly contact the CEPIS Secretariat.
