The Bulgarian Cybersecurity Association and EDIH Trakia propose legal regulation of “ethical hacking” in Bulgaria

At the forum “AI and Youth: Rights, Education, Employment,” held in Sofia under the auspices of the Friedrich Ebert Foundation-Bulgaria and the National Youth Forum, Dr. Hristian Daskalov, Chairman of the European Digital Innovation Hub “Trakia” (a project of the Union for Private Economic Enterprise), presented the idea of legal regulation of “ethical hacking” (the exploration of cybersecurity vulnerabilities) as part of the shared efforts of the social partners to provide the necessary guarantees for equal access and respect for human rights in the context of the challenges posed by artificial intelligence.

At the forum, in which representatives of the leadership of the Ministry of Electronic Governance, the Economic and Social Council, and leading companies in the information technology sector took part, EDIH Trakia emphasized the European-wide “precautionary principle” adopted in the Concept for the Development of Artificial Intelligence (AI) in Bulgaria. In this context comes the proposal for regulating coordinated vulnerability disclosure and reporting, which could lead to the timely neutralization of weaknesses and flaws both in high-risk AI technologies and in a wider range of corporate and public assets, networks and information systems.

Experts from EDIH Trakia invited the youth audience of the forum to participate in the free training for ethical hackers under the Cyber4AllSTAR project, funded by the Digital Europe Programme of the European Commission and the national Program “Scientific Research, Innovation and Digitalization for Intelligent Transformation 2021-2027” of the Ministry of Innovation and Growth. A commitment was made that all the proposals of the young people on the creation of a regulatory framework for the development and use of reliable AI following international regulatory and ethical standards will be brought to the attention of the thematic working group “Artificial Intelligence – guarantees for equal access and respect for human rights” at the Ministry of Electronic Government, which will hold its first meeting on 19 September 2024 with the participation of representatives of the Bulgarian Cybersecurity Association (BCA), a member of the EDIH Trakia, and the Union for Private Economic Enterprise.

As for the legislative initiative to regulate “ethical hacking” through the proposed amendment to the Cybersecurity Act, it is in line with the position of the European Union Agency for Cybersecurity (ENISA), which in a recent report recommended that member states, in the run-up to the entry into force of the new NIS2 Directive on network and information security, establish a legal framework that protects from prosecution those cyber vulnerability researchers who comply with the relevant ethical standards and established protocols for the operation of National Computer Security Incident Response Teams (NCSIRT).

The proposal of the cybersecurity experts from BCA and EDIH Trakia to the Ministry of Electronic Government, which is also supported by Women4Cyber – Bulgaria, is for NERICS (CERT – Bulgaria) to follow the procedure for ethical and coordinated reporting of cybersecurity vulnerabilities introduced in 2023 in the Kingdom of Belgium, since the Belgian legislation governing “ethical hacking” is what BCA refers to as good practice in the field. Just a few days ago, the International Telecommunication Union’s “Global Cybersecurity Index 2024” was published, according to which Belgium, with a score of 96.81/100, ranks among the leaders in global cybersecurity. Bulgaria, with an overall score of 74.73, ranks third out of five on the global cybersecurity index and falls behind mostly in areas such as capacity-building measures, an area that would be helped most by engaging “ethical hackers” (cyber vulnerability researchers) in protecting businesses and the state from cyber incidents.
