ICLE Comments to NIST Regarding Security Considerations for Artificial Intelligence Agents
Executive Summary
The International Center for Law & Economics (ICLE) appreciates the opportunity to respond to the National Institute of Standards and Technology’s Request for Information on security considerations for AI agent systems. These comments address Questions 4(d)(ii), 5(b), 5(d), and 5(e), drawing on law & economics research on security investment, comparative regulatory analysis, and insights from fields outside artificial intelligence and cybersecurity.
A central barrier to effective AI agent security monitoring is doctrinal ambiguity across overlapping legal regimes. Privacy and communications laws rarely prohibit monitoring outright. Instead, uncertainty about how monitoring practices will be classified raises the expected cost of observability infrastructure. Firms—particularly smaller deployers—therefore underinvest in telemetry, logging, and anomaly detection. The resulting security blind spots reflect avoidable compliance friction rather than intentional privacy protection.
To reduce this monitoring gap, NIST should prioritize four areas of government collaboration. First, define the technical parameters of security-necessary telemetry, including a taxonomy of telemetry types by privacy sensitivity, purpose-separation design patterns, and retention and access matrices. Second, develop sector-specific monitoring profiles for high-friction deployment contexts such as health care, financial services, education, and workplace systems. Third, promote standards convergence by publishing crosswalks aligning NIST frameworks with international standards such as ISO/IEC 42001 and ISO/IEC 27001. Fourth, support a common AI incident-reporting vocabulary and standardized reporting fields to reduce multi-regime reporting costs.
Comparative analysis shows that no jurisdiction has resolved the tension between monitoring obligations and privacy constraints. The European Union establishes the clearest monitoring mandates but generates regulatory complexity across overlapping instruments. The United Kingdom’s principles-based model offers flexibility but weaker enforcement clarity. China’s sovereignty-centered approach enables decisive regulation but is incompatible with cross-border governance frameworks. Singapore’s standards-led model shows that monitoring gaps can persist even when organizations formally adopt security-management standards.
Insights from other fields reinforce these conclusions. Research on investment under uncertainty shows that regulatory ambiguity depresses security investment. Trade secret law demonstrates how “reasonable measures” standards can guide security practices without prescribing rigid technical rules. Stable definitions of security-necessary monitoring—supported by technical standards, rather than prescriptive mandates—can therefore improve both security outcomes and innovation incentives.
I. Question 4(d)(ii): Are there legal and/or privacy challenges to monitoring deployment environments for security threats, risks, or vulnerabilities?
A. The Telemetry Paradox
Yes—and the challenges are structural, rather than incidental. A major and underappreciated barrier to effective AI-agent security monitoring is doctrinal ambiguity across overlapping legal regimes. This ambiguity raises the expected cost of monitoring to the point where firms rationally underinvest in the observability that agent security requires.
We refer to this dynamic as the “Telemetry Paradox.” The granular monitoring necessary to secure autonomous agents simultaneously expands regulated data processing and surveillance risk. At the same time, the mismatch between agent architectures and legacy legal categories makes it difficult to identify the compliance boundary ex ante.
The consequences are significant. Legal certainty functions as a principle of economic efficiency because it reduces the transaction costs firms face when planning compliance-sensitive investments. When the legality of monitoring is unclear, firms rationally delay or scale back telemetry—even when known threat vectors remain unaddressed.[1] Emerging evidence suggests that EU regulatory frameworks often become the highest common technical baseline for transatlantic deployments. In practice, the most restrictive classification of monitoring practices can therefore shape global system design.[2]
Two concrete scenarios illustrate the Telemetry Paradox.
A hospital deploying an AI agent to assist with claims processing needs tool-call logs and reasoning traces to detect prompt-injection attacks and billing anomalies. Yet that telemetry can capture protected health information subject to Health Insurance Portability and Accountability Act (HIPAA) minimum-necessary requirements and potentially General Data Protection Regulation (GDPR) special-category restrictions if European patients are involved.
A software-as-a-service (SaaS) provider deploying an agent with tool access across multiple customer environments requires cross-session behavioral baselines to detect privilege escalation and lateral movement. Each customer’s data-processing agreement may impose different retention limits, access controls, and deletion timelines on the same log stream.
In both cases, the monitoring necessary for security is precisely the monitoring that overlapping legal regimes make difficult to scope with confidence.
A further complication is that monitoring infrastructure itself can create privacy and security risks. Research on privacy side channels in machine-learning systems shows that system-level monitoring components—such as query filtering, output monitoring, and preprocessing layers—can be exploited to extract private information at rates significantly higher than attacks against the underlying model.[3] Increased telemetry may therefore reduce certain categories of security loss while simultaneously increasing expected privacy loss. Legal regimes thus have independent reasons to scrutinize broad, undifferentiated monitoring.
B. Legal Sources of Monitoring Uncertainty
Several overlapping legal regimes contribute to what we call the “observability gap.”
1. U.S. communications law
U.S. communications law generally reflects two conceptual approaches: restrictions on acquiring or intercepting data, and regulation of how data may be used once collected. In the long run, the latter provides a more productive lens for evaluating security–privacy tradeoffs in agentic AI deployments.
The Electronic Communications Privacy Act (ECPA) illustrates the problem. Its core distinction between interception of communications in transit (Wiretap Act) and access to communications in storage (Stored Communications Act) maps poorly onto AI-agent traffic. These statutes were designed for discrete messages, not for continuous, replicated data flows.[4]
The Stored Communications Act’s categories—content versus non-content, storage duration thresholds, and provider classifications—fit poorly with agent telemetry. An agent’s tool-call arguments may qualify as “content” under one statutory provision while functioning as system telemetry under another. The individual whose privacy interests are implicated may be a third-party human whose message the agent processes, rather than the deployer operating the system.
Recent class-action litigation alleging that AI-powered transcription and monitoring constitute unlawful interception illustrates the strain these statutes face when applied to agentic systems.[5]
These difficulties suggest that the most productive governance lens is not ECPA’s transit-versus-storage taxonomy, but a purpose-limitation framework grounded in contextual privacy expectations. The central challenge in personalized AI governance is the information asymmetry between developers and users regarding data collection, retention, and repurposing. These conditions produce adverse-selection dynamics analogous to George Akerlof’s “market for lemons.”[6]
Under a purpose-limitation approach, user data should be used only for the purposes for which it was shared. Governance would focus on evaluating system outputs and observable harms rather than prescribing technical architectures or attempting to classify data flows under statutory categories designed for a different technological environment.[7]
Applied to agent-security telemetry, this framework offers several advantages.
First, it accommodates the mixed-purpose nature of monitoring data. Agent telemetry frequently serves security, compliance, and product-improvement functions simultaneously. A purpose-limitation framework can evaluate these uses without forcing artificial classification into “content” and “non-content” categories.
Second, it scales across contexts by calibrating obligations to data sensitivity. Existing sectoral regimes illustrate this approach. The Gramm–Leach–Bliley Act establishes disclosure and opt-out requirements for nonpublic personal information in financial services, while HIPAA imposes strict purpose limitations on protected health information. Both operationalize purpose limitation without imposing a uniform technical classification scheme.[8]
Third, it addresses third-party privacy concerns directly. When an agent processes a third party’s message, the relevant question is whether the processing falls within the purpose for which the data was shared—not whether the data was “in transit” or “in storage” at the moment of access.
The Wiretap Act and Stored Communications Act remain relevant, but primarily as litigation risk rather than as governance frameworks. If courts begin treating agent tool calls as “interceptions,” the resulting precedent could chill legitimate security monitoring while failing to address the underlying privacy harms. Policymakers should therefore consider whether a voluntary certification regime—supported by standardized disclosures and minimal legal backstops under existing consumer-protection authority—could provide a credible alternative governance path.[9]
The Cybersecurity Information Sharing Act of 2015 illustrates the fragility of narrow purpose-specific carve-outs. Its protections for monitoring “for cybersecurity purposes” depend on purpose segmentation that current regulatory guidance does not clearly define. The statute’s repeated short-term renewals further underscore the instability of this approach.[10]
2. EU data protection
The GDPR simultaneously requires security and constrains data collection. Article 32 mandates “appropriate technical and organisational measures,” while Article 5’s minimization and storage-limitation principles restrict the scope and duration of monitoring.[11]
For security telemetry, the most relevant lawful basis is legitimate interest under Article 6(1)(f). The European Data Protection Board’s 2024 guidelines recognize network and information security as a paradigmatic legitimate interest, reflecting Recitals 47 and 49. They also require a documented three-step balancing test and prior assessment.[12]
This framework acknowledges that security monitoring may be lawful but does not provide clear ex ante certainty about which monitoring designs will survive enforcement scrutiny. The resulting uncertainty becomes a central compliance risk.[13]
The economic implications are substantial. James Langenfeld, Frank Fagan, and Samuel Clark show that legal restrictions that create information gaps distort security investment and increase expected harm.[14] Building a security-logging system requires a large upfront investment, while the privacy risk associated with operating it accrues continuously.
When firms cannot predict whether regulators will classify logging as excessive processing, they face an asymmetric payoff structure. Under-monitoring generates diffuse and difficult-to-attribute security losses. Over-monitoring can produce discrete, litigable privacy violations.
The European Data Protection Board’s breach-notification guidance documents incidents in which “data was exfiltrated without leaving a trace in the logs.”[15] These examples illustrate the operational costs of insufficient monitoring that regulators later criticize in post-incident investigations.
3. ePrivacy overlay
Even when GDPR compliance is addressed, the ePrivacy Directive adds another layer of uncertainty. Article 5(3) restricts storing information or gaining access to information on terminal equipment.
The European Data Protection Board’s guidance in internet-of-things (IoT) contexts suggests a broad interpretation that could encompass agent-side instrumentation.[16] Runtime inspection tools—such as SDK instrumentation, endpoint telemetry, and local sandboxes recording tool invocations—may therefore require consent unless they fall within a narrow exemption.
Whether these monitoring tools qualify as “strictly necessary” for security remains unresolved.
C. Security Investment Effects of Legal Uncertainty
The core economic mechanism is straightforward. When firms cannot predict whether a monitoring practice will be considered lawful, they treat legal risk as an additional cost of security investment—and invest less.
The Gordon–Loeb model, developed by Lawrence Gordon and Martin Loeb, formalizes this dynamic. Firms invest in security only up to a bounded fraction of expected loss, with investment most attractive for midrange vulnerabilities.[17] Legal uncertainty alters this calculation by increasing the effective marginal cost of monitoring—through legal review, retention tooling, and litigation reserves—while reducing its perceived effectiveness because firms may hesitate to rely on telemetry during incident response.
Both effects reduce optimal monitoring.
Extensions of the Gordon–Loeb framework further show that, even when accounting for security externalities, socially optimal cybersecurity investment rarely exceeds 37% of expected externality losses.[18] Modest regulatory ambiguity can therefore eliminate a substantial share of socially beneficial monitoring.
The distributional effects resemble patterns observed in other compliance-intensive regulatory settings. Large platform providers can absorb compliance costs and convert monitoring capabilities into competitive advantages. Smaller deployers face the option-value logic of uncertainty and delay or limit monitoring investments.
Empirical research on GDPR compliance costs suggests similar outcomes. One NBER study finds that the GDPR induced the exit of roughly one-third of Google Play apps,[19] while other work finds increased concentration in web-technology markets.[20] Analogous pressures likely affect AI deployments facing uncertain monitoring obligations.
The likely result is a security architecture in which AI-agent risk concentrates among smaller deployers with the least monitoring capacity.
D. FTC Enforcement and Monitoring Obligations
U.S. enforcement practice creates a distinct form of bidirectional uncertainty.
The Federal Trade Commission’s (FTC) action against Rite Aid established that deploying AI-based surveillance technology without “reasonable safeguards” can violate Section 5 of the FTC Act.[21] This sets a floor for monitoring obligations.
At the same time, the FTC’s order in the Drizly matter imposed company-wide data-minimization requirements and mandated deletion of data that no longer served legitimate business purposes.[22] This order signals that retaining large volumes of security-relevant data may itself trigger enforcement risk.
Firms therefore face liability both for insufficient monitoring and for excessive retention. The boundary between the two remains defined largely through case-by-case adjudication.
E. Compound Compliance Frictions in Complex Deployments
These challenges compound in complex regulatory environments.
Consider an AI agent deployed by a financial institution to assist employees in processing customer health-insurance claims. Workplace-surveillance law may constrain the granularity of employee telemetry. The CNIL’s €32 million sanction against Amazon France Logistique—later partially reduced by the Conseil d’État—demonstrates that even operational or security rationales may fail proportionality review.[23]
HIPAA and the Gramm–Leach–Bliley Act simultaneously require logging while imposing distinct retention, access, and disclosure obligations on the same data.
Third-party interactions may incidentally expose trade secrets. The Defend Trade Secrets Act conditions protection on maintaining “reasonable measures” to preserve secrecy—measures that often require monitoring.[24] Yet monitoring itself may constitute unauthorized acquisition of confidential information belonging to third parties.
Each additional legal constraint increases the option value of delaying monitoring investment. The joint probability of compliance failure across multiple regimes rises faster than the sum of individual risks.
In practice, monitoring investments may therefore concentrate on legally mandated requirements—such as HIPAA audit logs or GLBA security-event records—rather than on the most security-relevant observability signals. Agent reasoning traces, anomalous tool-use patterns, and cross-session behavioral baselines may remain unrecorded because no specific mandate requires them and multiple legal regimes create risk from collecting them.
F. Separating Privacy Protection from Compliance Costs
Not all monitoring constraints reduce welfare. Privacy and security address distinct policy objectives. Treating both as access-control problems can produce policy errors in both directions.[25]
The relevant question is not whether legal constraints impose costs—they do—but whether those costs correspond to meaningful privacy protections.
A security-focused telemetry constraint generates avoidable compliance friction when:
- the restricted telemetry is primarily used for breach detection or forensic attribution, rather than behavioral profiling;
- the telemetry is less intrusive than content capture, access-controlled, retention-bounded, and insulated from secondary uses; and
- the privacy risk from retention is low because the recorded events are low-specificity security signals, such as tool-call metadata, authentication tokens, or error codes.
Conversely, a constraint may represent a genuine privacy protection when it restricts telemetry that is substantially more revealing than necessary for security or prevents the repurposing of security data for unrelated functions such as employee performance monitoring.
Several categories of legal constraint clearly provide meaningful protection and should be preserved. Restrictions on generalized interception help prevent mass surveillance of communications content. Authentication requirements for subject-access requests protect individuals from unauthorized disclosure.
Other rules appear to impose compliance costs without comparable privacy benefits. These include the Stored Communications Act’s storage-duration thresholds, the lack of clear standards for “strictly necessary” security logging under the GDPR legitimate-interest framework, and conflicting retention or erasure requirements across sectoral mandates.
The NIST Privacy Framework provides a useful analytical basis for evaluating these tradeoffs. Under this approach, privacy risk arises when data processing creates “problems for individuals,” not merely when it triggers a statutory category.[26]
II. Question 5(b): In which policy or practice areas is government collaboration with the AI ecosystem most urgent?
The Telemetry Paradox described above reflects a coordination problem, rather than a purely technical limitation. AI agent security depends on monitoring architectures that cut across multiple regulatory regimes, standards frameworks, and sectoral obligations. When these regimes use inconsistent terminology or impose conflicting requirements on telemetry collection and retention, the result is underinvestment in the observability necessary for secure deployment. Targeted government coordination—particularly through standards development and shared technical definitions—can reduce this friction without weakening privacy protections. Four areas of collaboration would most directly improve AI agent security.
A. Defining Security-Necessary Telemetry
NIST is well positioned to define the technical parameters of security-necessary telemetry. Establishing a shared technical vocabulary and clear design patterns would make regulatory safe harbors more administrable.
NIST should publish a taxonomy of telemetry types organized by privacy sensitivity. Such a taxonomy could distinguish, for example, tool-call metadata, authentication events, error signals, and anomaly indicators from behavioral-profiling data. It should also include purpose-separation design patterns and sample retention and access matrices.
These definitions could inform regulatory safe harbors used by other agencies—including the FTC, HHS, and even the European Data Protection Board—by establishing a common technical baseline for distinguishing “security-necessary” telemetry from surveillance-oriented monitoring. The evaluative criterion described in Section I.F provides a principled starting point for scoping these definitions.
B. Sector-Specific Monitoring Profiles
Certain deployment contexts create particularly complex monitoring obligations. Health care, financial services, education, and workplace deployments each involve multiple legal regimes that impose overlapping—and sometimes conflicting—requirements on the same telemetry.
NIST should develop sector-specific monitoring profiles for these high-friction environments. This approach would extend the model used in NIST IR 8596 (Cybersecurity Framework Profile for AI) and the HIPAA Security Rule implementation guidance (SP 800-66r2).[27] Sector-specific profiles could specify which monitoring practices are expected, which retention periods are justified, and how conflicts among sectoral mandates should be resolved.
Providing such profiles would help deployers translate high-level regulatory obligations into concrete monitoring architectures.
C. Standards Convergence for Agent Security
AI agent security currently spans multiple overlapping standards frameworks. NIST’s AI Risk Management Framework,[28] the Cybersecurity Framework, the Generative AI Profile,[29] and the emerging agent identity and authorization concept paper[30] should therefore be explicitly bridged to ISO/IEC 42001 (AI management systems) and ISO/IEC 27001 (information security management).
NIST can accomplish this through published crosswalk documents and gap analyses. Existing research mapping ISO 27001 controls against data-protection requirements shows that security compliance and privacy compliance only partially overlap—particularly in areas such as security log retention and access.[31]
NIST-led crosswalks among the AI RMF, the Cybersecurity Framework, the Privacy Framework, and international standards would provide firms with a unified compliance architecture. Without such coordination, organizations must conduct bespoke analyses across multiple standards bodies and jurisdictions.
D. Harmonized AI Incident-Reporting Standards
Incident-reporting requirements for AI systems are emerging across multiple international initiatives. The OECD’s work toward a common AI incident-reporting framework[32] and the G7 Hiroshima AI Process[33] both aim to establish harmonized terminology and reporting criteria.
NIST should actively participate in these initiatives and adopt compatible vocabulary. It should also publish concrete incident-reporting field definitions tailored to AI-agent contexts. Clear reporting schemas would reduce the transaction costs of multi-regime compliance by clarifying which events must be detected, recorded, and reported.
The European Union Agency for Cybersecurity’s (ENISA) multilayer framework for cybersecurity practices in AI provides a useful template. ENISA proposes a three-layer structure consisting of cybersecurity foundations, AI-specific cybersecurity controls, and sector-specific requirements[34] This layered model mirrors the compliance architecture organizations already face in practice and could serve as a basis for coordinated NIST-ENISA work on AI agent security standards.
III. Question 5(d): How are other countries addressing these challenges and what are the benefits and drawbacks of their approaches?
Other major jurisdictions are approaching AI agent security monitoring through distinct regulatory architectures. These frameworks vary in how they define monitoring obligations, allocate enforcement authority, and reconcile security observability with privacy and data-governance constraints. Comparative analysis therefore helps identify which governance strategies reduce monitoring uncertainty and which create additional compliance friction. The following overview highlights several leading models and the tradeoffs they present.
A systematic institutional study of overlaps across the EU digital regulatory ecosystem finds that each regulation “functions reasonably in isolation” but together form an “extremely difficult to navigate” legal landscape.[35] Transparency, logging, and reporting obligations appear repeatedly across multiple instruments, meaning monitoring architectures cannot realistically be designed once—even within the EU—let alone across jurisdictions.
A. European Union: Mandatory Monitoring and Regulatory Complexity
The EU most clearly embeds monitoring obligations directly into AI governance.
The AI Act requires high-risk AI systems to support security observability across the system lifecycle. Article 12 requires systems to enable automatic event logging for traceability and compliance.[36] Article 26 imposes deployer-side log-retention obligations of at least six months, subject to data-protection law.[37] Together these provisions create a credible monitoring baseline supported by conformity assessment.[38]
This structure also creates an important friction point. Article 26’s retention mandate is explicitly conditional on EU or national data-protection law. The Act therefore simultaneously requires log retention and places limits on the legal conditions under which those logs may be retained.
Parallel EU cybersecurity legislation further strengthens the monitoring floor. The NIS2 Directive,[39] the Cyber Resilience Act (CRA),[40] and the Digital Operational Resilience Act (DORA)[41] impose incident and vulnerability reporting obligations, including early-warning and full-notification timelines of 24 hours and 72 hours.[42] These instruments collectively reinforce monitoring requirements across sectors.
The drawback is regulatory complexity. Studies of the EU digital regulatory ecosystem identify conflicts in definitions, reporting timelines, and compliance triggers across at least five overlapping instruments.[43] These inconsistencies create regulatory incoherence. Firms often respond by routinizing minimum compliance rather than optimizing security observability.
B. United Kingdom: Principles-Based Governance and Standards Development
The United Kingdom takes a different approach, relying primarily on principles-based governance implemented by sector regulators.
This model produces fewer AI-specific statutory mandates but also fewer built-in compliance safe harbors. The UK Code of Practice for the Cyber Security of AI sets out expectations that system operators log system actions and analyze logs for anomalies.[44] The government has submitted the Code to ETSI for potential international standardization, reflecting a strategy of shaping global standards rather than imposing detailed domestic rules.
The UK AI Security Institute further supports this approach through evaluation programs. These include agentic task environments and cyber range testing designed to identify the monitoring capabilities necessary for secure AI operation.[45]
One advantage of this model is reduced legal friction for security monitoring. The Data (Use and Access) Act 2025 introduces “recognized legitimate interests” for crime prevention and safeguarding.[46] These provisions reduce the balancing-test burden for security-oriented data processing.
The drawback is enforcement uncertainty. Monitoring expectations ultimately depend on the willingness and capacity of sector regulators to interpret and enforce the principles. Critics therefore describe the model as a form of “regulatory hallucination”—an appearance of governance without binding regulatory obligations.[47]
C. China: Security-Driven and Sovereignty-Centered Regulation
China’s governance architecture links personal-information regulation with national-security objectives in ways that differ significantly from EU and UK approaches.
Rogier Creemers describes China’s Personal Information Protection Law (PIPL) as having a “clear family resemblance” to the GDPR for firm-to-consumer data governance.[48] At the same time, the Data Security Law (DSL) operates as a national-security instrument that places few meaningful constraints on state access to data.
Matt Sheehan’s analysis of China’s AI regulatory process identifies a pattern of deliberate regulatory ambiguity that expands enforcement discretion.[49] This design enables rapid policy implementation and centralized enforcement.
The advantage of this system is decisiveness. The Chinese regulatory framework can quickly establish mandatory monitoring practices and enforce them through administrative action.
The disadvantages are substantial for international deployment. Data-localization requirements under PIPL and the DSL create structural conflicts with EU adequacy-based transfer mechanisms. The EU adequacy framework assumes meaningful limits on government access to data—limits the Chinese system does not provide.
D. Singapore and Japan: Governance Through Testing and Evaluation
Singapore and Japan emphasize testing-based governance rather than prescriptive monitoring mandates.
Singapore’s AI Verify framework and broader collaborative governance model translate security goals into practical testing and certification processes.[50] This approach attempts to operationalize monitoring expectations through technical validation rather than statutory requirements.
Empirical evidence nonetheless suggests implementation gaps. An analysis of 27 major Singapore enforcement cases between 2022 and 2024 finds that the most frequently failed ISO/IEC 27001 controls include Control 8.16 (Monitoring Activities) and Control 8.15 (Logging).[51] These findings suggest that organizations often struggle to operationalize monitoring even when formal security-management standards are adopted.
Network-security failures frequently occur alongside logging failures, producing cascading vulnerabilities in monitoring systems.
E. Comparative Tradeoffs Across Governance Models
Three core tradeoffs emerge from this comparison.
1. Legal certainty versus adaptability
The EU establishes the clearest formal monitoring obligations but generates uncertainty at the interfaces between overlapping regulatory instruments. The UK and Singapore frameworks allow faster regulatory adaptation but leave “reasonable security” expectations less clearly specified.
2. Monitoring floors versus innovation costs
ENISA’s annual surveys of NIS Directive cybersecurity investment across EU member states find that incident-reporting mandates correlate with improved detection and response capabilities.[52] At the same time, compliance burdens and fragmented oversight can reduce effectiveness. Smaller operators in particular often allocate disproportionate resources to reporting requirements, rather than to substantive security improvements.
3. Cross-border operability versus data sovereignty
Modern security operations depend on cross-border telemetry flows. Data-localization measures therefore introduce operational costs and security risks. By 2023, more than 100 localization measures existed across roughly 40 countries, complicating centralized monitoring architectures.[53]
F. Toward a Global AI Governance Regime Complex
The emerging trajectory suggests that global AI governance will develop as a regime complex, rather than a unified regulatory system.
Emma Klein and Stewart Patrick argue that AI governance will likely emerge through “multiple institutions within and across several functional areas,” because “the challenges that AI presents are too multifaceted, the relevant actors too varied, and the geopolitical situation too complicated” for a single global authority.[54]
For AI agent monitoring, this implies that harmonization is unlikely. More realistic governance pathways include mutual recognition regimes, shared incident-reporting vocabularies, and convergence among international technical standards.
IV. Question 5(e): Are there practices, norms, or empirical insights from fields outside of artificial intelligence and cybersecurity that might benefit our understanding?
The monitoring challenges described above are not unique to artificial intelligence. Several mature policy domains—including investment economics and trade-secret law—have long addressed analogous problems involving uncertainty, security incentives, and legal standards for reasonable protection. Their analytical frameworks provide useful guidance for designing AI agent monitoring governance.
A. Investment Under Uncertainty and Security Monitoring
The economics literature on investment under uncertainty provides a well-developed framework for understanding why firms delay monitoring investments when legal conditions are unclear.
Real-options models treat investment decisions as choices between immediate action and waiting for additional information. Nicholas Bloom, Stephen Bond, and John Van Reenen show that moving from low to high uncertainty reduces first-year investment responses to demand shocks by roughly half.[55] Kira Fabrizio similarly finds that anticipated regulatory instability dampens investment even when current policy conditions remain favorable.[56]
Mazaher Kianpour and Shahid Raza extend this framework to cybersecurity. Their analysis shows that regulatory volatility induces “wait-and-see” behavior in cybersecurity investment decisions.[57]
The implication for AI monitoring is straightforward. Legal uncertainty regarding the permissibility of security telemetry produces the same investment-chilling effect observed in other regulated sectors. In energy markets, uncertainty about carbon pricing or renewable-energy subsidies delays infrastructure investment. In AI deployment contexts, uncertainty about monitoring legality delays investments in telemetry, logging infrastructure, and anomaly detection.
The policy response suggested by the literature is also similar. Credible and stable regulatory commitments reduce the option value of delay and encourage earlier investment in protective infrastructure.
B. Trade Secret Law and the ‘Reasonable Measures’ Standard
Trade secret law provides a complementary insight into how legal standards can guide security practices without prescribing detailed technical rules.
Under the Defend Trade Secrets Act, firms receive protection only if they implement “reasonable measures” to maintain the secrecy of protected information. Courts and practitioners have spent decades interpreting and operationalizing this standard.
Raj Sachdev’s Reasonable Cybersecurity Measures Framework provides a structured method for evaluating whether specific cybersecurity practices satisfy this legal threshold.[58] The framework offers a vocabulary that could inform discussions of “reasonable” AI security monitoring.
Empirical research also demonstrates the economic effects of clear protection standards. Ivan Png finds that stronger trade-secret protection correlates with roughly 3.1-3.2% higher R&D investment in innovation-intensive industries.[59] Feng Gao, Xue Wang, and Benda Yin show that stronger trade-secret protection enables firms to shift resources away from defensive secrecy measures and toward productive investment.[60]
Monitoring uncertainty therefore has broader implications than security alone. When firms cannot determine whether monitoring practices will be considered lawful, the resulting uncertainty weakens the appropriation incentives that support innovation.
[1] Aurélien Portuese, Orla Gough & Joseph Tanega, The Principle of Legal Certainty as a Principle of Economic Efficiency, 44(1) Eur. J.L. & Econ. 131 (2017), https://doi.org/10.1007/s10657-014-9435-2 (arguing that legal certainty promotes economic efficiency by reducing transaction costs for compliance-sensitive investments); see also Alessandro Acquisti, Curtis Taylor & Liad Wagman, The Economics of Privacy, 54(2) J. Econ. Literature 442 (2016), https://doi.org/10.1257/jel.54.2.442 (surveying the economics of privacy and explaining how regulatory uncertainty shapes privacy-related economic decisions).
[2] Vijay Kanabar & Krassimira Kaloyanova, Securing Generative AI Systems: Threat-Centric Architectures and the Impact of Divergent EU–US Governance Regimes, 6(1) J. Cybersecurity & Privacy 27 (2026), https://doi.org/10.3390/jcp6010027; see generally Anu Bradford, The Brussels Effect: How the European Union Rules the World (2020) (describing how EU regulation can become the de facto global compliance baseline).
[3] Edoardo Debenedetti et al., Privacy Side Channels in Machine Learning Systems, in Proceedings of the 33rd USENIX Security Symposium (2024), https://www.usenix.org/conference/usenixsecurity24/presentation/debenedetti.
[4] Orin S. Kerr, A User’s Guide to the Stored Communications Act, and a Legislator’s Guide to Amending It, 72 Geo. Wash. L. Rev. 1208 (2004); Orin S. Kerr, The Next Generation Communications Privacy Act, 162 U. Pa. L. Rev. 373 (2014) (arguing that ECPA’s foundational categories are obsolete for modern data flows).
[5] William Simpson, Dressing Old Laws in Class Action Suits: Applying Anti-Wiretapping Laws to AI Transcription Services, IAPP; see, e.g., Ambriz v. Google, LLC, No. 3:23-cv-05437-RFL (N.D. Cal. Feb. 10, 2025) (denying motion to dismiss CIPA claims arising from alleged interception and analysis of customer-service calls using Google Cloud Contact Center AI).
[6] Ben Sperry & Kristian Stout, The Trust Constraint on Personalized AI: How Transparency and Adaptive Governance Can Unlock AI Productivity, ICLE Issue Brief 2026-01-09, at 7–9 (arguing that information asymmetries between AI developers and users regarding data collection, retention, and repurposing create adverse-selection dynamics that undermine trust and constrain personalization’s productivity-enhancing potential).
[7] Id. at 11–12 (“The guiding principle . . . should be purpose limitation; user data should be used only for the purposes for which it is shared.”); id. at 9–10 (advocating governance that evaluates system outputs and observable harms rather than prescribing technical architectures).
[8] Id. at 13–14 (describing GLBA’s disclosure and opt-out requirements for nonpublic personal information as a template for generative AI governance); id. at 14 (analogizing HIPAA’s strict purpose limitations on protected health information to the governance needs of AI systems processing sensitive data in regulated domains).
[9] Id. at 15–16 (proposing a federally recognized safe-harbor framework supported by voluntary, independent verification of data-use commitments, with certification focused on whether firms adhere to stated practices regarding data segmentation, purpose limitation, retention, and non-retraining).
[10] See Jared Bomberg, Workplace Monitoring Gets Easier, IAPP (2016) (explaining the Cybersecurity Information Sharing Act of 2015’s information-sharing protections and their limitations for mixed-purpose telemetry). Note: the Cybersecurity Information Sharing Act of 2015’s information-sharing protections expired on September 30, 2025, were temporarily extended through January 30, 2026, and were further extended through September 30, 2026 via the Consolidated Appropriations Act—the resulting short-term renewals themselves illustrate the regulatory instability this comment describes.
[11] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 Apr. 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), 2016 O.J. (L 119) 1, https://eur-lex.europa.eu/eli/reg/2016/679/oj; Cédric Burton, Article 32 Security of Processing, in The EU General Data Protection Regulation (GDPR) (2020), https://doi.org/10.1093/oso/9780198826491.003.0068.
[12] Eur. Data Prot. Bd., Guidelines 1/2024 on Processing of Personal Data Based on Article 6(1)(f) GDPR (2024), https://www.edpb.europa.eu/system/files/2024-10/edpb_guidelines_202401_legitimateinterest_en.pdf; see also Eur. Data Prot. Bd., Opinion 28/2024 on Certain Data Protection Aspects Related to the Processing of Personal Data in the Context of AI Models (2024), https://www.edpb.europa.eu/our-work-tools/our-documents/opinion-board-art-64/opinion-282024-certain-data-protection-aspects_en (confirming that legitimate interest may provide a lawful basis for AI-related processing, including cybersecurity uses).
[13] Miko?aj Barczentewicz, The GDPR and GenAI—Part 1: Lawful Bases, How EU Law Influences Tech (2024), https://eutechreg.com/p/the-gdpr-and-genai-part-1-lawful; see also Gianclaudio Malgieri, Can Legitimate Interest Be an Appropriate Lawful Basis for Processing Artificial Intelligence Training Datasets?, Computer L. & Sec. Rev. (2023), https://doi.org/10.1016/j.clsr.2022.105780 (analyzing the use of legitimate interest, rather than consent, as a lawful basis for AI-related processing).
[14] James Langenfeld, Frank Fagan & Samuel Clark, eds., The Law and Economics of Privacy, Personal Data, Artificial Intelligence, and Incomplete Monitoring, Research in L. & Econ., vol. 30 (2022), https://doi.org/10.1108/S0193-5895202230 (developing a framework linking incomplete monitoring under privacy law to security-investment gaps and resulting welfare losses); Ross Anderson & Tyler Moore, The Economics of Information Security, 314 Science 610 (2006), https://doi.org/10.1126/science.1130992 (showing how misaligned incentives and information asymmetries lead to chronic cybersecurity underinvestment).
[15] Eur. Data Prot. Bd., Guidelines 01/2021 on Examples Regarding Personal Data Breach Notification (2021), https://www.edpb.europa.eu/system/files/2022-01/edpb_guidelines_012021_pdbnotification_adopted_en.pdf.
[16] Eur. Data Prot. Bd., Guidelines 2/2023 on Technical Scope of Article 5(3) of the ePrivacy Directive (2024), https://www.edpb.europa.eu/system/files/2024-10/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_v2_en_0.pdf. The regulatory framework for Article 5(3) remains unsettled. The European Commission withdrew the proposed ePrivacy Regulation in Feb. 2025 and announced plans to integrate certain ePrivacy rules into the GDPR through the Digital Omnibus Package.
[17] Lawrence A. Gordon & Martin P. Loeb, The Economics of Information Security Investment, ACM Transactions on Info. & Sys. Sec. (2002), https://doi.org/10.1145/581271.581274.
[18] Lawrence A. Gordon et al., Externalities and the Magnitude of Cyber Security Underinvestment by Private Sector Firms: A Modification of the Gordon–Loeb Model, J. Info. Sec. (2015), https://doi.org/10.4236/jis.2015.61003; see also Howard Kunreuther & Geoffrey Heal, Interdependent Security, 26(2–3) J. Risk & Uncertainty 231 (2003), https://doi.org/10.1023/A:1024119208153 (providing a game-theoretic explanation for why interdependent security decisions lead to systematic underinvestment).
[19] Rebecca Janßen et al., GDPR and the Lost Generation of Innovative Apps, Nat’l Bureau of Econ. Rsch., Working Paper No. 30028 (2022), https://www.nber.org/papers/w30028 (finding that the GDPR led roughly one-third of apps to exit the market and reduced consumer surplus by an estimated 32%); see also Christian Frey et al., Privacy Regulation and Firm Performance: Estimating the GDPR Effect Globally, Econ. Inquiry (2024), https://doi.org/10.1111/ecin.13219 (finding that the GDPR reduced profits by about 8% on average for firms serving EU markets).
[20] Garrett A. Johnson, Scott K. Shriver & Samuel G. Goldberg, Privacy and Market Concentration: Intended and Unintended Consequences of the GDPR, 69(10) Mgmt. Sci. 5695 (2023), https://doi.org/10.1287/mnsc.2023.4709 (finding that the GDPR increased web-technology market concentration in the short run due to disproportionate fixed compliance costs); Christian Peukert, Stefan Bechtold, Michail Batikas & Tobias Kretschmer, Regulatory Spillovers and Data Governance: Evidence from the GDPR, 41(4) Marketing Sci. (2022), https://doi.org/10.1287/mksc.2021.1347 (corroborating concentration effects and documenting spillovers to non-EU websites).
[21] FTC v. Rite Aid Corp., No. 2:23-cv-05023 (E.D. Pa. 2023), https://www.ftc.gov/legal-library/browse/cases-proceedings/2023190-rite-aid-corporation-ftc-v (alleging that the deployment of AI-based surveillance without reasonable safeguards constitutes an unfair practice under Section 5 of the Federal Trade Commission Act).
[22] Lesley Fair, Data Security Forecast: Drizly with a 100% Chance of Far-Reaching Order Provisions, Fed. Trade Comm’n Bus. Blog (2022), https://www.ftc.gov/business-guidance/blog/2022/10/data-security-forecast-drizly-100-chance-far-reaching-order-provisions (explaining that the Federal Trade Commission’s Drizly order imposed company-wide data-minimization obligations and treated excessive data retention as a data-security risk).
[23] Commission Nationale de l’Informatique et des Libertés (CNIL), Employee Monitoring: CNIL Fined Amazon France Logistique €32 Million (2024), https://www.cnil.fr/en/employee-monitoring-cnil-fined-amazon-france-logistique-eu32-million (describing the CNIL’s €32 million fine against Amazon France Logistique for excessive employee monitoring that violated GDPR proportionality requirements). On Dec. 23, 2025, the Conseil d’État partially revised the decision and reduced the fine to €15 million, holding that the CNIL erred with respect to certain productivity indicators, while rejecting the remainder of Amazon’s challenge.
[24] Raj Sachdev, “Reasonable [Cybersecurity] Measures” for Digital Trade Secrets: Lessons from Marketing, 65 IDEA: J. Franklin Pierce Ctr. for Intell. Prop. 39 (2025), https://scholars.unh.edu/law_facpub/510.
[25] Derek E. Bambauer, Privacy Versus Security, 103 J. Crim. L. & Criminology 667 (2013), https://scholarlycommons.law.northwestern.edu/jclc/vol103/iss3/2; see also Danielle Keats Citron & Daniel J. Solove, Privacy Harms, 102 B.U. L. Rev. 793 (2022), https://scholarship.law.bu.edu/faculty_scholarship/3096 (developing a taxonomy of privacy harms that clarifies the distinction between privacy harms and security harms).
[26] Nat’l Inst. of Standards & Tech., NISTIR 8062: An Introduction to Privacy Engineering and Risk Management in Federal Systems (2017), https://doi.org/10.6028/NIST.IR.8062; Nat’l Inst. of Standards & Tech., NIST Privacy Framework 1.1, NIST CSWP 40 (Initial Pub. Draft 2025), https://doi.org/10.6028/NIST.CSWP.40.ipd (operationalizing the concepts introduced in NISTIR 8062 and adding AI-specific privacy risk-management guidance).
[27] Nat’l Inst. of Standards & Tech., NIST SP 800-66 Rev. 2: Implementing the HIPAA Security Rule (2024), https://doi.org/10.6028/NIST.SP.800-66r2; see also Dep’t of Health & Hum. Servs., HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information, Notice of Proposed Rulemaking, 90 Fed. Reg. 898 (Jan. 6, 2025) (proposing stronger HIPAA Security Rule requirements, including mandatory multifactor authentication and elimination of the “required” versus “addressable” distinction).
[28] Elham Tabassi et al., Artificial Intelligence Risk Management Framework (AI RMF 1.0), Nat’l Inst. of Standards & Tech. (2023), https://doi.org/10.6028/NIST.AI.100-1; Nat’l Inst. of Standards & Tech., NIST AI RMF to ISO/IEC FDIS 42001 Crosswalk (2023), https://airc.nist.gov/docs/NIST_AI_RMF_to_ISO_IEC_42001_Crosswalk.pdf (documenting efforts to align the NIST AI Risk Management Framework with ISO/IEC 42001).
[29] Chloe Autio et al., Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile (2024), https://doi.org/10.6028/NIST.AI.600-1.
Chloe Autio et al., Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile, Nat’l Inst. of Standards & Tech. (2024), https://doi.org/10.6028/NIST.AI.600-1.
[30] Nat’l Inst. of Standards & Tech., Accelerating the Adoption of Software and Artificial Intelligence Agent Identity and Authorization (Concept Paper, Initial Pub. Draft 2026), https://csrc.nist.gov/pubs/other/2026/02/05/accelerating-the-adoption-of-software-and-ai-agent/ipd (part of the broader NIST AI Agent Standards Initiative announced in Feb. 2026).
[31] Vasiliki Diamantopoulou, Aggeliki Tsohou & Maria Karyda, From ISO/IEC 27001:2013 and ISO/IEC 27002:2013 to GDPR Compliance Controls, Info. & Computer Sec. (2020), https://doi.org/10.1108/ics-01-2020-0004; see also Hans Graux et al., Interplay Between the AI Act and the EU Digital Legislative Framework, Eur. Parl. Comm. on Indus., Rsch. & Energy, Study PE 778.575 (2025), https://www.europarl.europa.eu/thinktank/en/document/ECTI_STU(2025)778575 (mapping overlaps and gaps across the EU digital legislative framework, including requirements related to security log retention and access).
[32] Org. for Econ. Co-operation & Dev., Towards a Common Reporting Framework for AI Incidents, OECD Artificial Intelligence Papers No. 34 (2025), https://doi.org/10.1787/f326d4ac-en; Ren Bin Lee Dixon & Heather Frase, AI Incidents: Key Components for a Mandatory Reporting Regime, Ctr. for Sec. & Emerging Tech., Georgetown Univ. (2025), https://cset.georgetown.edu/publication/ai-incidents-key-components-for-a-mandatory-reporting-regime (proposing elements of a mandatory AI-incident reporting regime modeled on aviation, health-care, and cybersecurity reporting systems).
[33] Org. for Econ. Co-operation & Dev., G7 Hiroshima Process on Generative Artificial Intelligence (AI) (2023), https://doi.org/10.1787/bf3c0c60-en; Org. for Econ. Co-operation & Dev., Overview of the OECD Pilot of the Hiroshima Artificial Intelligence Process Reporting Framework (2024), https://www.oecd.org/en/publications/overview-of-the-oecd-pilot-of-the-hiroshima-artificial-intelligence-process-reporting-framework_e41c1fcc-en.html (reporting pilot results that operationalize the Hiroshima Process commitments).
[34] Eur. Union Agency for Cybersecurity (ENISA), Multilayer Framework for Good Cybersecurity Practices for AI (2023), https://www.enisa.europa.eu/publications/multilayer-framework-for-good-cybersecurity-practices-for-ai.
[35] Graux et al., supra note 32.
[36] Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act), arts. 12–13, 2024 O.J. (L 1689) 1, https://eur-lex.europa.eu/eli/reg/2024/1689/oj (requiring high-risk AI systems to enable automatic event logging to support traceability and regulatory compliance).
[37] Regulation (EU) 2024/1689, art. 26 (requiring deployers of high-risk AI systems to retain system logs for at least six months).
[38] Id.; Michèle Finck, Chapter III: High-Risk AI System, in The EU Artificial Intelligence Act (2026), https://doi.org/10.1093/law/9780198925705.003.0004.
[39] Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 Dec. 2022 on Measures for a High Common Level of Cybersecurity Across the Union (NIS 2 Directive), 2022 O.J. (L 333) 80, https://eur-lex.europa.eu/eli/dir/2022/2555/oj; Eur. Union Agency for Cybersecurity (ENISA), Technical Implementation Guidance on Cybersecurity Risk Management Measures (2025), https://www.enisa.europa.eu/sites/default/files/2025-06/ENISA_Technical_implementation_guidance_on_cybersecurity_risk_management_measures_version_1.0.pdf.
[40] Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 Oct. 2024 on Horizontal Cybersecurity Requirements for Products with Digital Elements (Cyber Resilience Act), 2024 O.J. (L 2847) 1, https://eur-lex.europa.eu/eli/reg/2024/2847/oj; Pier Giorgio Chiara, The Cyber Resilience Act: The EU Commission’s Proposal for a Horizontal Regulation on Cybersecurity for Products with Digital Elements, Int’l Cybersecurity L. Rev. (2022), https://doi.org/10.1365/s43439-022-00067-6; Florian Teichmann, The Cyber Resilience Act as a New Paradigm for Product Security: A Compliance Roadmap, Int’l Cybersecurity L. Rev. (2025), https://doi.org/10.1365/s43439-025-00162-4 (analyzing the final enacted regulation).
[41] Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 Dec. 2022 on Digital Operational Resilience for the Financial Sector (DORA), 2022 O.J. (L 333) 1, https://eur-lex.europa.eu/eli/reg/2022/2554/oj; Eur. Supervisory Auths. (EBA, EIOPA & ESMA), Joint Regulatory Technical Standards on Major Incident Reporting Under DORA (2024), https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/operational-resilience/joint-technical-standards-major-incident-reporting.
[42] G7 Cyber Expert Group, Statement on Artificial Intelligence and Cybersecurity (2025), https://www.gov.uk/government/publications/g7-cyber-expert-group-statement-on-ai-and-cybersecurity/g7-cyber-expert-group-statement-on-artificial-intelligence-and-cybersecurity-september-2025; Jukka Ruohonen & Paul Timmers, Vulnerability Coordination Under the Cyber Resilience Act, Applied Cybersecurity & Internet Governance (2025), https://doi.org/10.60097/acig/213350.
[43] Anacleto Correia & António Gonçalves, Regulatory Convergence and Divergence: A Study on the Synergies and Conflicts Among Key Cybersecurity European Legislation, in MCIS 2024 Proceedings (2024), https://aisel.aisnet.org/mcis2024/4 (identifying conflicts in definitions and reporting timelines across the GDPR, NIS2, DORA, AI Act, and Cyber Resilience Act); Lee A. Bygrave, The Emergence of EU Cybersecurity Law: A Tale of Lemons, Angst, Turf, Surf and Grey Boxes, Computer L. & Sec. Rev. (2024), https://doi.org/10.1016/j.clsr.2024.106071 (describing EU cybersecurity law as “a sprawling jungle of regulatory instruments interacting in complex, confusing and sometimes disjointed ways”).
[44] U.K. Dep’t for Sci., Innovation & Tech., Code of Practice for the Cyber Security of AI (2025), https://www.gov.uk/government/publications/ai-cyber-security-code-of-practice/code-of-practice-for-the-cyber-security-of-ai.
[45] U.K. AI Sec. Inst., Frontier AI Trends Report (2025), https://www.aisi.gov.uk/frontier-ai-trends-report (evaluating frontier AI cybersecurity capabilities, including agentic cyber-task performance across varying levels of difficulty).
[46] Data (Use and Access) Act 2025; U.K. Dep’t for Sci., Innovation & Tech., Data (Use and Access) Act Factsheet: UK GDPR and DPA (2025), https://www.gov.uk/government/publications/data-use-and-access-act-2025-factsheets/data-use-and-access-act-factsheet-uk-gdpr-and-dpa.
[47] Albert Sanchez-Graells, Responsibly Buying Artificial Intelligence: A “Regulatory Hallucination”, 77(1) Current Legal Probs. 81 (2024), https://doi.org/10.1093/clp/cuae006 (coining the concept of a “regulatory hallucination”); Christopher T. Marsden, Generative AI Regulation in the UK, in The Oxford Handbook of the Foundations and Regulation of Generative AI (2025), https://doi.org/10.1093/oxfordhb/9780198940272.013.0043.
[48] Rogier Creemers, China’s Emerging Data Protection Framework, J. Cybersecurity (2022), https://doi.org/10.1093/cybsec/tyac011.
[49] Matt Sheehan, Tracing the Roots of China’s AI Regulations, Carnegie Endowment for Int’l Peace (2024), https://carnegieendowment.org/research/2024/02/tracing-the-roots-of-chinas-ai-regulations?lang=en; Yue Zhu et al., China’s Emerging Regulation Toward an Open Future for AI, 390 Science 132 (2025) (providing an overview of China’s six-pillar AI regulatory architecture).
[50] Sun Sun Lim & Gerry Chng, Verifying AI: Will Singapore’s Experiment with AI Governance Set the Benchmark?, Communication Rsch. & Prac. (2024), https://doi.org/10.1080/22041451.2024.2346416; Infocomm Media Dev. Auth. (IMDA), Model AI Governance Framework for Generative AI (2024), https://www.imda.gov.sg/resources/press-releases-factsheets-and-speeches/archived/imda/press-releases/2024/launch-of-generative-ai-governance-framework.
[51] Jeremy Leonard Naramuda et al., Analyzing the Implementation Gaps in ISO/IEC 27001:2022 Controls: Insights from PDPC Singapore’s Cybersecurity Breaches, in 2025 IEEE 2nd International Conference on Cryptography, Informatics, and Cybersecurity (ICOCICS) (2025), https://www.semanticscholar.org/paper/67f45a88a7de5c19bdea5821610eda816d1f79f7.
[52] Eur. Union Agency for Cybersecurity (ENISA), NIS Investments 2024 (2024), https://www.enisa.europa.eu/publications/nis-investments-2024 (surveying cybersecurity investment and compliance across EU member states under NIS Directive reporting requirements).
[53] Cristina Del Giovane, Janos Ferencz & Javier López González, The Nature, Evolution and Potential Implications of Data Localisation Measures (OECD 2023), https://www.oecd.org/en/publications/the-nature-evolution-and-potential-implications-of-data-localisation-measures_179f718a-en.html; Peter Swire et al., Risks to Cybersecurity from Data Localization, Organized by Techniques, Tactics and Procedures, J. Cyber Pol’y (2024), https://doi.org/10.1080/23738871.2024.2384724 (finding that 13 of 14 ISO 27002 security controls are negatively affected by data-localization requirements).
[54] Emma Klein & Stewart Patrick, Envisioning a Global Regime Complex to Govern Artificial Intelligence, Carnegie Endowment for Int’l Peace (2024), https://carnegieendowment.org/research/2024/03/envisioning-a-global-regime-complex-to-govern-artificial-intelligence?lang=en; Huw Roberts et al., Global AI Governance: Barriers and Pathways Forward, 100(3) Int’l Affs. 1275 (2024), https://doi.org/10.1093/ia/iiae073 (mapping the emerging global AI-governance regime complex).
[55] Nick Bloom, Stephen Bond & John Van Reenen, Uncertainty and Investment Dynamics, Rev. Econ. Stud. (2007), https://doi.org/10.1111/j.1467-937X.2007.00426.x; see generally Avinash K. Dixit & Robert S. Pindyck, Investment Under Uncertainty (1994) (providing the foundational theoretical treatment of real-options investment decisions under uncertainty).
[56] Kira R. Fabrizio, The Effect of Regulatory Uncertainty on Investment: Evidence from Renewable Energy Generation, J.L. Econ. & Org. (2013), https://doi.org/10.1093/jleo/ews007; Scott R. Baker, Nick Bloom & Steven J. Davis, Measuring Economic Policy Uncertainty, 131(4) Q.J. Econ. 1593 (2016), https://doi.org/10.1093/qje/qjw024 (showing that policy uncertainty predicts declines in investment, output, and employment across 12 major economies).
[57] Mazaher Kianpour & Shahid Raza, More Than Malware: Unmasking the Hidden Risk of Cybersecurity Regulations, Int’l Cybersecurity L. Rev. (2024), https://doi.org/10.1365/s43439-024-00111-7.
[58] Sachdev, supra note 24.
[59] Ivan Png, Law and Innovation: Evidence from State Trade Secrets Laws, 99(1) Rev. Econ. & Stat. 167 (2017), https://doi.org/10.1162/rest_a_00532; Colleen Cunningham & Aldona Kapacinskaite, Keeping Invention Confidential, Mgmt. Sci. (2025), https://doi.org/10.1287/mnsc.2023.01434 (finding that stronger trade-secret protection increases both the use and novelty of trade secrets).
[60] Feng Gao, Xue Wang & Benda Yin, The Benefits of Trade Secret Legal Protection: Evidence from Firms’ Cost Structure Decisions, J.L. Econ. & Org. (2022), https://doi.org/10.1093/jleo/ewac013.