This paper addresses the interplay between robots, cybersecurity, and safety from a European legal perspective, a topic under-explored by current technical and legal literature. The legal framework, together with technical standards, is a necessary parameter for the production and deployment of robots. However, European law does not regulate robots as such, and there exist multiple and overlapping legal requirements focusing on specific contexts, such as product safety and medical devices. Besides, the recently enacted European Cybersecurity Act establishes a cybersecurity certification framework, which could be used to define cybersecurity requirements for robots, although concrete cyber-physical implementation requirements are not yet prescribed. In this article, we illustrate cybersecurity challenges and their subsequent safety implications with the concrete example of care robots. These robots interact in close, direct contact with children, elderly, and persons with disabilities, and a malfunctioning or cybersecurity threat may affect the health and well-being of these people. Moreover, care robots may process vast amounts of data, including health and behavioral data, which are especially sensitive in the healthcare domain. Security vulnerabilities in robots thus raise significant concerns, not only for manufacturers and programmers, but also for those who interact with them, especially in sensitive applications such as healthcare. While the latest European policymaking efforts on robot regulation acknowledge the importance of cybersecurity, many details, and their impact on user safety have not yet been addressed in depth. Our contribution aims to answer the question whether the current European legal framework is prepared to address cyber and physical risks from care robots and ensure safe human–robot interactions in such a sensitive context. Cybersecurity and physical product safety legal requirements are governed separately in a dual regulatory framework, presenting a challenge in governing uniformly and adequately cyber-physical systems such as care robots. We conceptualize and discuss the challenges of regulating cyber-physical systems’ security with the current dual framework, particularly the lack of mandatory certifications. We conclude that policymakers need to consider cybersecurity as an indissociable aspect of safety to ensure robots are truly safe to use.

本文从欧洲法律的角度探讨了机器人，网络安全和安全之间的相互作用，这是当前技术和法律文献所未探讨的话题。法律框架以及技术标准是生产和部署机器人的必要参数。但是，欧洲法律并未对机器人本身进行规范，并且存在针对特定情况（例如产品安全性和医疗设备）的多重且重叠的法律要求。此外，最近颁布的《欧洲网络安全法》建立了网络安全认证框架，尽管尚未规定具体的网络物理实施要求，但该框架可用于定义机器人的网络安全要求。在本文中，我们将通过护理机器人的具体示例来说明网络安全挑战及其后续的安全隐患。这些机器人与儿童，老人和残疾人密切互动，直接互动，故障或网络安全威胁可能会影响这些人的健康。此外，护理机器人可能会处理大量数据，包括健康和行为数据，这些数据在医疗保健领域特别敏感。因此，机器人中的安全漏洞不仅引起制造商和程序员的关注，而且也引起与机器人进行交互的人们的关注，特别是在诸如医疗保健之类的敏感应用程序中。尽管欧洲在机器人监管方面的最新政策制定工作承认了网络安全的重要性，但许多细节仍然存在，及其对用户安全的影响尚未深入探讨。我们的贡献旨在回答以下问题：当前的欧洲法律框架是否准备应对护理机器人的网络和物理风险，并确保在这种敏感环境下人机交互的安全性。网络安全和物理产品安全法律要求在双重监管框架中分别管理，这在管理统一而充分的网络物理系统（例如护理机器人）方面提出了挑战。我们以当前的双重框架概念化并讨论了调节网络物理系统安全性的挑战，特别是缺乏强制性认证。我们得出的结论是，决策者需要将网络安全视为安全不可分割的一部分，以确保机器人真正真正安全地使用。我们的贡献旨在回答以下问题：当前的欧洲法律框架是否准备应对护理机器人的网络和物理风险，并确保在这种敏感环境下人机交互的安全性。网络安全和物理产品安全法律要求在双重监管框架中分别管理，这在管理统一而充分的网络物理系统（例如护理机器人）方面提出了挑战。我们以当前的双重框架概念化并讨论了调节网络物理系统安全性的挑战，特别是缺乏强制性认证。我们得出的结论是，决策者需要将网络安全视为安全不可分割的一部分，以确保机器人真正真正安全地使用。我们的贡献旨在回答以下问题：当前的欧洲法律框架是否准备应对护理机器人的网络和物理风险，并确保在这种敏感环境下人机交互的安全性。网络安全和物理产品安全法律要求在双重监管框架中分别管理，这在管理统一而充分的网络物理系统（例如护理机器人）方面提出了挑战。我们以当前的双重框架概念化并讨论了调节网络物理系统安全性的挑战，特别是缺乏强制性认证。我们得出的结论是，决策者需要将网络安全视为安全不可分割的一部分，以确保机器人真正真正安全地使用。