Blurring Public and Private: Cybersecurity in the Age of Regulatory Capitalism

  • Benjamin Farrand
  • Helena Carrapico


The protection of cyberspace has become one of the highest security priorities of governments worldwide. The EU is not an exception in this context, given its rapidly developing cyber security policy. Since the 1990s, we could observe the creation of three broad areas of policy interest: cyber-crime, critical information infrastructures and cyber-defence. One of the main trends transversal to these areas is the importance that the private sector has come to assume within them. In critical information infrastructure protection, the private sector is perceived as a key stakeholder, given that it currently operates most infrastructures in this area. Because of this operative capacity, the private sector has come to be understood as the expert in network and information systems security, whose knowledge is crucial for the regulation of the field. Adopting a Regulatory Capitalism framework, complemented by insights from Network Governance, we can identify the shifting role of the private sector in this field from one of a victim in need of protection in the first phase, to a commercial actor bearing responsibility for ensuring network resilience in the second, to an active policy shaper in the third, participating in the regulation of NIS by providing technical expertise. By drawing insights from the above-mentioned frameworks, we can better understand how private actors are involved in shaping regulatory responses, as well as why they have been incorporated into these regulatory networks.


  1. Bennett, A., & Checkel, J. T. (2014). Process tracing: From philosophical roots to best practices. In A. Bennett & J. T. Checkel (Eds.), Process tracing: From metaphor to analytic tool (pp. 3–37). Cambridge: Cambridge University Press.CrossRefGoogle Scholar
  2. Bevir, M., & Rhodes, R. A. (2003). Interpreting British Governance. London: Routledge.CrossRefGoogle Scholar
  3. Börzel, T. A. (1998). Organizing Babylon – On the different conceptions of policy networks. Public Administration, 76(2), 253–273.CrossRefGoogle Scholar
  4. Bourdieu, P. (1998). The essence of neoliberalism. Le Monde diplomatique.Google Scholar
  5. Braithwaite, J. B. (2005). Neoliberalism or regulatory capitalism. Accessed February 22, 2016, from
  6. Braithwaite, J. (2008). Regulatory capitalism: How it works, ideas for making it work better. Cheltenham: Edward Elgar.CrossRefGoogle Scholar
  7. Cahill, D. (2015). The end of Laissez-Faire?: On the durability of embedded neoliberalism. Cheltenham: Edward Elgar.Google Scholar
  8. Calliess, G.-P., & Zumbansen, P. C. (2010). Rough consensus and running code: A theory of transnational private law. Oxford: Hart Publishing.Google Scholar
  9. Castells, M. (1996). The rise of the network society: Economy, society, and culture. Oxford: Blackwell.Google Scholar
  10. Chomsky, N. (1998). Profits over people: Neoliberalism and the global order. New York: Seven Stories Press, U.S.Google Scholar
  11. Clough, J. (2012). The council of Europe convention on cybercrime: Defining ‘crime’ in a digital world. Criminal Law Forum, 23(4), 363–391.CrossRefGoogle Scholar
  12. Cohen, E. (2011). Assessing the impact of the global financial crisis on transnational financial law and regulation. Finnish Yearbook of International Law, 22, 51–84.Google Scholar
  13. Coudert, F., & Werkers, E. (2010). In the aftermath of the promusicae case: How to strike the balance? International Journal of Law and Information Technology, 18(1), 50–71.CrossRefGoogle Scholar
  14. Council of Europe. (2001). Convention on cybercrime, CETS No.185, Budapest 23 November 2001.Google Scholar
  15. Council of the European Union. (2009). Council resolution of 18 December 2009 on a collaborative European approach to Network and Information Security, Brussels.Google Scholar
  16. Council of the European Union. (2016). Proposal for a directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union – Political agreement.Google Scholar
  17. Culpepper, P. D. (2011). Quiet politics and business power: Corporate control in Europe and Japan. Cambridge: Cambridge University Press.Google Scholar
  18. Dehousse, R. (1997). Regulation by networks in the European community: The role of European agencies. Journal of European Public Policy, 4(2), 246–261.CrossRefGoogle Scholar
  19. ENISA. (2012). Shortlisting network and information security standards and good practices. Heraklion, Crete.Google Scholar
  20. ENISA. (2013). 1st Meeting of ENISA’s electronic communications reference group in Rome. Accessed June 11, 2015, from
  21. ENISA. (2014). Technical guideline on security measures for Article 4 and Article 13a. Heraklion, Crete.Google Scholar
  22. ENISA. (2015a). Information sharing in focus at ENISA’s 3rd Electronic Communications Reference Group Meeting. Accessed June 11, 2015, from
  23. ENISA. (2015b). Work Programme 2016. Google Scholar
  24. European Commission. (1990). Protection of individuals in relation to the processing of personal data in the Community and information security.Google Scholar
  25. European Commission. (1995). Green Paper: Copyright and related rights in the information society. Brussels: European Commission.Google Scholar
  26. European Commission. (2000). Proposal for a directive of the European Parliament and of the Council on a common regulatory framework for electronic communications networks and services. Brussels.Google Scholar
  27. European Commission. (2001). Network and information security: Proposal for a European policy approach. Brussels.Google Scholar
  28. European Commission. (2006). A strategy for a secure information society: “Dialogue, partnership and empowerment,” Brussels.Google Scholar
  29. European Commission. (2007a). European electronic communications regulation and markets (12th Report). Brussels.Google Scholar
  30. European Commission. (2007b). Proposal for a directive amending Directives 2002/21/EC on a common regulatory framework for electronic communications networks and services, 2002/19/EC on access to, and interconnection of, electronic communications networks and services, and 2002/20/EC on the authorisation of electronic communications networks and services. Brussels.Google Scholar
  31. European Commission. (2009). Critical information infrastructure protection: “Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience.” Google Scholar
  32. European Commission. (2010a). A digital agenda for Europe, Brussels.Google Scholar
  33. European Commission. (2010b). Europe 2020: A strategy for smart, sustainable and inclusive growth. Brussels.Google Scholar
  34. European Commission. (2013a). Action 28: Reinforced network and information security policy. Digital Agenda for Europe. Accessed June 12, 2015, from
  35. European Commission. (2013b). Commission staff working document: Impact assessment accompanying the document: Proposal for a Directive of the European Parliament and of the Council Concerning measures to ensure a high level of network and information security across the Union, Brussels.Google Scholar
  36. European Commission. (2013c). Proposed Directive on Network and Information Security – frequently asked questions. Brussels. Accessed June 12, 2015, from
  37. European Commission. (2015). EU Cybersecurity Strategy – 2nd High Level Conference. Digital Agenda for Europe. Accessed June 12, 2015, from
  38. European Commission. (2017a). Commission launches a public consultation for the review of the European Union Agency for Network and Information Security (ENISA). Digital Single Market. Accessed April 8, 2017, from
  39. European Commission. (2017b). Questionnaire on the evaluation and review of the European Union Agency for Network and Information Security. EUSurvey. Accessed April 8, 2017, from
  40. European Commission. Commission staff working document annex to the European electronic communications regulation and markets (12th Report), Brussels.Google Scholar
  41. European Commission & High Representative of the European Union for Foreign Affairs and Security Policy. (2013). Cybersecurity strategy of the European Union: An open, safe and secure cyberspace. Brussels.Google Scholar
  42. European Parliament. (2015). MEPs close deal with Council on first ever EU rules on cybersecurity. European Parliament News. Accessed February 22, 2016, from
  43. Eurostat. (2013). Enterprises with fixed broadband access. Brussels.Google Scholar
  44. Eurostat. (2014). Percentage of households who have internet access at home. Brussels.Google Scholar
  45. Farrand, B. (2014). The digital agenda for Europe, the economy and its impact upon the development of EU copyright policy. In I. A. Stamatoudi & P. Torremans (Eds.), Copyright Law in the European Union. Cheltenham: Edward Elgar.Google Scholar
  46. Farrand, B. (2016). The future of copyright enforcement online: Intermediaries caught between formal and informal governance in the EU. In I. A. Stamatoudi (Ed.), New Developments in EU and International Copyright Law. Alphen aan den Rijn: Kluwer Law International.Google Scholar
  47. Farrand, B., & Carrapico, H. (2013). Networked governance and the regulation of expression on the internet: The blurring of the role of public and private actors as content regulators. Journal of Information Technology & Politics, 10(4), 357–368.CrossRefGoogle Scholar
  48. Farrell, S. (2016). TalkTalk counts costs of cyber-attack. The Guardian. Accessed February 29, 2016, from
  49. Fourcade-Gourinchas, M., & Babb, S. L. (2002). The rebirth of the liberal creed: Paths to neoliberalism in four countries. American Journal of Sociology, 108(3), 533–579.CrossRefGoogle Scholar
  50. George, A. L., & Bennett, A. (2005). Case studies and theory development in the social sciences. Cambridge, MA: MIT Press.Google Scholar
  51. Gibbs, S. (2015). TalkTalk criticised for poor security and handling of hack attack. The Guardian. Accessed February 29, 2016, from
  52. Gilardi, F. (2008). Delegation in the regulatory state: Independent regulatory agencies in Western Europe. Cheltenham, UK; Northampton, MA: Edward Elgar.Google Scholar
  53. Haas, E. B. (1968). The Uniting of Europe: Political, social and economic forces, 1950–57, 2nd Revised ed. Stanford University Press.Google Scholar
  54. Hall, P. A. (2013). Tracing the progress of process tracing. European Political Science, 12(1), 20–30.CrossRefGoogle Scholar
  55. Harvey, D. (2007). A brief history of neoliberalism, New ed. Oxford; New York: OUP Oxford.Google Scholar
  56. Horten, M. (2011). The copyright enforcement enigma: Internet politics and the “Telecoms Package.” New York: Palgrave Macmillan.Google Scholar
  57. JISC. (2015). DDoS attack disrupting Janet network. JISC News. Accessed February 29, 2016, from
  58. Jordana, J., & Levi-Faur, D. (2004). The politics of regulation in the age of governance. In J. Jordana & D. Levi-Faur (Eds.), The politics of regulation: Institutions and regulatory reforms for the age of governance. Cheltenham: Edward Elgar.CrossRefGoogle Scholar
  59. Knowles, W., et al. (2015). A survey of cyber security management in industrial control systems. International Journal of Critical Infrastructure Protection, 9, 52–80.CrossRefGoogle Scholar
  60. Lægreid, P., & Verhoest, K. (2010). Introduction: Reforming public sector organizations. In P. Lægreid & K. Verhoest (Eds.), Governance of public sector organization: Proliferation, autonomy and performance. Hampshire: AIAA.CrossRefGoogle Scholar
  61. Lazer, D. (2005). Regulatory capitalism as a networked order: The international system as an informational network. The Annals of the American Academy of Political and Social Science, 598(1), 52–66.CrossRefGoogle Scholar
  62. Levi-Faur, D. (2005). The rise of regulatory capitalism: The global diffusion of a new order. The Annals of the American Academy of Political and Social Science, 598(1), 12–32.CrossRefGoogle Scholar
  63. Levi-Faur, D., & Jordana, J. (2005). Globalizing regulatory capitalism. The Annals of the American Academy of Political and Social Science, 598(1), 6–9.CrossRefGoogle Scholar
  64. Majone, G. (Ed.). (1996). Regulating Europe. London: Routledge.Google Scholar
  65. Moe, T. M. (1990). Political institutions: The neglected side of the story. Journal of Law, Economics, & Organization, 6, 213–253.CrossRefGoogle Scholar
  66. Picciotto, S. (2006). Regulatory networks and global governance. Institute of Advanced Legal Studies: University of London.Google Scholar
  67. Ponte, S., Gibbon, P., & Vestergaard, J. (Eds.). (2011). Governing through standards: Origins, drivers and limitations, 2011 ed. Houndmills, Basingstoke, Hampshire; New York: AIAA.Google Scholar
  68. Porcedda, M. G. (2011). Translantic approaches to cybersecurity and cybercrime. In P. Pawlak (Ed.), The EU-US security and justice agenda in action. Chaillot Papers.Google Scholar
  69. Reestman, J.-H., & Eijsbouts, W. T. (2009). Internet policy and the European political and legal orders. European Constitutional Law Review, 5(2), 169–172.CrossRefGoogle Scholar
  70. Risse, T., & Börzel, T. A. (2005). Public-private partnerships: Effective and legitimate tools of international governance. In E. Grande & L. W. Pauly (Eds.), Complex sovereignty: Reconstituting political authority in the twenty-first century. Toronto: University of Toronto Press.Google Scholar
  71. Rittberger, B., & Wonka, A. (Eds.). (2012). Agency governance in the EU. Routledge.Google Scholar
  72. Schimmelfennig, F. (2003). The EU, NATO and the Integration of Europe: Rules and Rhetoric. Camberidge; New York: Cambridge University Press.Google Scholar
  73. Vogel, S. K. (1996). Freer markets, more rules: Regulatory reform in advanced industrial countries. Ithaca: Cornell University Press.Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  1. 1.Warwick School of LawUniversity of WarwickCoventryUK
  2. 2.Department of Politics and International Relations, School of Languages and Social SciencesAston UniversityBirminghamUK

Personalised recommendations