Considering insufficient legal research, from the perspective of administrative law, of current cybersecurity regulations, the overall purpose of the paper is an administrative law approach of cybersecurity regulations, with emphasis on the Romanian case in the context of European Union and international law. The research hypotheses of the interface between administrative law and the cybersecurity rules cover three dimensions: the regulation of cybersecurity institutional capacity, the regulation of administrative decision-making and, respectively, administrative and judicial remedies. Analytical and comparative methods are used, with the role of case law. In international law, the conclusions of the study highlight the rules established by international agreements. In EU law, the NIS 2 Directive establishes public administration entities of central government of the Member State as “essential entities”, a set of administrative decision-making regulations and, respectively, administrative and judicial remedies. In Romania, the internal legal framework has been harmonized with EU law. The Law No. 58/2023 establishes responsibilities of public authorities and bodies which are “competent authorities” in this field. There are two categories of administrative acts in the administrative decision-making procedure established by this law, which can be appealed in administrative contentious.

LITERATURE

Borković I., Upravno pravo, Zagreb 2002.

Cătană E.L., Drept administrativ, București 2023.

Cătană E.L., Serviciile publice și spaţiul cibernetic. Implicaţii ale Legii nr. 58/2023, “Pandectele Române / Romanian Pandects” 2023, no. 4.

Cheng M.H., Kuen H.C., Towards a Digital Government: Reflections on Automated Decision-Making and the Principles of Administrative Justice, “Singapore Academy of Law Journal” 2019, vol. 31(2).

Coco A., Souza Dias T. de, ‘Cyber Due Diligence’: A Patchwork of Protective Obligations in International Law, “The European Journal of International Law” 2021, vol. 32(3), DOI: https://doi.org/10.1093/ejil/chab056.

Coglianese C., Administrative Law in the Automated State, “Daedalus” 2021, vol. 150(3), DOI: https://doi.org/10.1162/daed_a_01862.

Daly P., Raso J., Tomlinson J., Researching Administrative Law in the Digital World, [in:] A Research Agenda for Administrative Law, ed. C. Harlow, Aldershot 2023, DOI: https://dx.doi.org/10.2139/ssrn.4008531.

Dragoș D.C., Administrative Appeal, [in:] Global Encyclopedia of Public Administration, Public Policy and Governance, ed. A. Farazmand, Cham 2016, DOI: https://doi.org/10.1007/978-3-319-31816-5_1033-1.

Emery T.J., Mélon L., Spruk R., E-Procurement and Institutional Quality: Friends or Foes? Evidence from Catalonia, [in:] Sustainability in Public Procurement, Corporate Law and Higher Education, ed. L. Melon, London 2023, DOI: https://doi.org/10.4324/9781003252153-8.

Erskine T., Carr M., Beyond ‘Quasi-Norms’: The Challenges and Potential of Engaging with Norms in Cyberspace, [in:] International Cyber Norms: Legal, Policy & Industry Perspectives, eds. A.-M. Osula, H. Rõigas, Tallinn 2016.

European Union Agency for Cybersecurity, Kyranoudi P., Liveri D., Drougkas A., Zisi A., Procurement Guidelines for Cybersecurity in Hospitals – Good Practices for the Security of Healthcare Services, European Network and Information Security Agency, 2020, DOI: https://data.europa.eu/doi/10.2824/943961.

Finnemore M., Hollis D.B., Beyond Naming and Shaming: Accusations and International Law in Cybersecurity, “The European Journal of International Law” 2020, vol. 31(3), DOI: https://doi.org/10.1093/ejil/chaa056.

Finnemore M., Hollis D.B., Constructing Norms for Global Cybersecurity, “American Journal of International Law” 2016, vol. 110.

Franchini D., Extraterritorial Sanctions in Response to Global Security Challenges: Countermeasures as Gap-Fillers in the United Nations Collective Security System, “Cambridge International Law Journal” 2023, vol. 12(1), DOI: https://doi.org/10.4337/cilj.2023.01.08.

Grandia J., Volker L., Ways Forward in Public Procurement, [in:] Public Procurement Theory, Practices and Tools, eds. J. Grandia, L. Volker, Cham 2023, DOI: https://doi.org/10.1007/978-3-031-18490-1_8.

Hoffman I., Application of Administrative Law in the Time of Reforms in the Light of the Scope of Judicial Review in Hungary, “Studia Iuridica Lublinensia” 2020, vol. 29(3), DOI: https://dx.doi.org/10.17951/sil.2020.29.3.101-116.

Hoofnagle C.J., Sloot B. van der, Borgesius F.Z., The European Union General Data Protection Regulation: What It Is and What It Means, “Information & Communications Technology Law” 2019, vol. 28(1), DOI: https://doi.org/10.1080/13600834.2019.1573501.

International Telecommunication Union, Strategic Engagement in Cybersecurity: Guide to Developing a National Cybersecurity Strategy, Geneva 2021.

Jančová L., Fernandes M., Digitalisation and Administrative Law: European Added Value Assessment, Brussels 2022, DOI: https://doi.org/10.2861/643042.

Keršić M., Legal Principles in Croatian Legal Science: Fundamental Character and Indeterminacy, “Pravni vjesnik” 2020, vol. 36(1), DOI: https://doi.org/10.25234/pv/8273.

Lemnitzer J.M., Back to the Roots: The Laws of Neutrality and the Future of Due Diligence in Cyberspace, “The European Journal of International Law” 2022, vol. 33(3), DOI: https://doi.org/10.1093/ejil/chac053.

Murphy A., Ghencea F., The Legal Framework for Local Intergovernmental Coordination in Romania, “Studia Iuridica Lublinensia” 2023, vol. 32(5), DOI: https://dx.doi.org/10.17951/sil.2023.32.5.105-115.

Oddenino A., Digital Standardization, Cybersecurity Issues and International Trade Law, “Questions of International Law” 2018, vol. 51.

Peng S., Cybersecurity Threats and the WTO National Security Exceptions, “Journal of International Economic Law” 2015, vol. 18(2), DOI: https://doi.org/10.1093/jiel/jgv025.

Peng S., The Uneasy Interplay between Digital Inequality and International Economic Law, “The European Journal of International Law” 2022, vol. 33(1), DOI: https://doi.org/10.1093/ejil/chac019.

Ranchordás S., Empathy in the Digital Administrative State, “Duke Law Journal” 2022, vol. 71(6/4).

Sannerholm R., Legal, Judicial and Administrative Reforms in Post-Conflict Societies: Beyond the Rule of Law Template, “Journal of Conflict & Security Law” 2007, vol. 12(1), DOI: https://doi.org/10.1093/jcsl/krm004.

Szente Z., Conceptualising the Principle of Effective Legal Protection in Administrative Law, [in:] The Principle of Effective Legal Protection in Administrative Law: A European Comparison, eds. Z. Szente, K. Lachmayer, London 2017.

Tsagouria N., Farrell M., Cyber Attribution: Technical and Legal Approaches and Challenges, “The European Journal of International Law” 2020, vol. 31(3), DOI: https://doi.org/10.1093/ejil/chaa057.

Vedinaș V., Drept administrativ, Bucharest 2022.

Vedinaș V., La responsabilité financière de la gestion publique en Roumanie, [in:] Responsabilité financière des gestionnaires publics. Approches internationales, ed. S. Damarey, Paris 2023.

Waline J., Eckert G., Muller É., Droit administratif, Dalloz 2023.

ONLINE SOURCES

European Parliament, Procedure file 2021/2161(INL), https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2021/2161(INL)&l=en (access: 29.4.2025).

European Public Administration Network, Good Administration in European Countries, 2023, https://www.eupan.eu/wp-content/uploads/2023/04/Annex-1.-Good-administration-in-European-countries.pdf (access: 29.4.2025).

Romania’s Recovery and Resilience Plan (RRRP), approved by the EU Council on 28 October 2021, https://mfe.gov.ro/wp-content/uploads/2022/04/e6d481b413db9e7384a946c92e833d45.pdf (access: 29.4.2025).

DOCUMENTS, REPORTS

Green Paper from the European Commission of 18 October 2010 on expanding the use of e-Procurement in the EU, COM(2010) 571 final.

United Nations, Committee of Experts on Public Administration: Report on the Twenty-First Session (4–8 April 2022), New York 2022.

United Nations, Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, 22.7.2015, A/70/174.

United Nations, The Sustainable Development Goals Report 2022, New York 2022.

LEGAL ACTS

Charter of Fundamental Rights of the European Union (OJ C 326/391, 26.10.2012).

Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection (OJ L 345/75, 23.12.2008).

Directive 2014/24/EU of the European Parliament and of the Council of 26 February 2014 on public procurement and repealing Directive 2004/18/EC (OJ L 94/65, 28.3.2014).

Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194/1, 19.7.2016).

Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No. 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) (OJ L 333/80, 27.12.2022).

Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC (OJ L 333/164, 27.12.2022).

Emergency Government Ordinance No. 153/2002 (Official Journal of Romania no. 826 of 15 November 2002).

Emergency Government Ordinance No. 22/2009 (Official Journal of Romania no. 174 of 19 March 2009).

Emergency Government Ordinance No. 98/2010 on the identification, designation and protection of critical infrastructures (Official Journal of Romania no. 757 of 12 November 2010).

Emergency Government Ordinance No. 57/2019 on the Administrative Code (Official Journal of Romania no. 555 of 5 July 2019).

Emergency Government Ordinance No. 104/2021 (Official Journal of Romania no. 918 of 24 September 2021).

European Parliament resolution of 20 May 2021 on shaping the digital future of Europe: removing barriers to the functioning of the digital single market and improving the use of AI for European consumers (2020/2216(INI)) (OJ C 15/204, 12.1.2022).

Government Decision No. 404/2004 on the organisation and operation of the Government’s structures (Official Journal of Romania no. 267 of 26 March 2004).

Government Decision No. 1321/2021 on approving Romania’s cybersecurity strategy for 2022–2027, as well as the Action Plan for implementing Romania’s cybersecurity strategy for 2022–2027 (Official Journal of Romania no. 2 of 3 January 2022).

Government Ordinance No. 2/2001 on the legal nature of contraventions (Official Journal of Romania no. 410 of 25 July 2001).

Law No. 92/1996 on the organisation and operation of the Special Telecommunications Service (Official Journal of Romania no. 169 of 30 July 1996).

Law No. 191/1998 on the organisation and operation of the Protection and Security Service (Official Journal of Romania no. 402 of 22 October 1998).

Law No. 1/1998 on the organisation and operation of the External Information Service (Official Journal of Romania no. 511 of 18 October 2000).

Law No. 18/2011 (Official Journal of Romania no. 183 of 16 March 2011).

Law No. 362/2018 on ensuring common high security for informatic networks and systems (Official Journal of Romania no. 21 of 9 January 2019).

Law No. 58/2023 on Romania’s cyber security and defense, and for amending and completing some normative acts (Official Journal of Romania no. 214 of 15 March 2023).

Order No. 100/2024 of the National Directorate for Cybernetic Security on the approval of confidentiality and transparency policies of the National Platform for Reporting Cybersecurity Incidents (Official Journal of Romania no. 120 of 12 February 2024).

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119/1, 4.5.2016).

Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No. 526/2013 (Cybersecurity Act) (OJ L 151/15, 7.6.2019).

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No. 1060/2009, (EU) No. 648/2012, (EU) No. 600/2014, (EU) No. 909/2014 and (EU) 2016/1011 (OJ L 333/1, 27.12.2022).

Resolution adopted by the General Assembly on 8 September 2006: The United Nations Global Counter-Terrorism Strategy, A/RES/60/288.

Resolution adopted by the General Assembly on 22 June 2023: The United Nations Global Counter-Terrorism Strategy, A/RES/77/298.

Treaty on the Functioning of the European Union, consolidated version (OJ C 326/47, 26.10.2012).

CASE LAW

Decision no. 1005 of the High Court of Cassation and Justice, Administrative and Fiscal Contentious Department of 18 February 2021.

Judgment of the Court (First Chamber) of 12 January 2023 in case C-132/21, Nemzeti Adatvédelmi és Információszabadság Hatóság/Budapesti Elektromos Művek Zrt., ECLI:EU:C:2023:2.