LEGAL FRAMEWORK FOR CYBERSECURITY IN THE CONTEXT OF THE METAVERSE FORMATION
Authors
-
Prokopovych-Tkachenko Dmytro
Ph.D. in Technical Sciences, Associate Professor, Head of the Department of Cybersecurity and Information Technologies, University of Customs and Finance. Senior Research Fellow, State Scientific Institution “Institute of Information, Security and Law of the National Academy of Legal Sciences of Ukraine”, Ukraine
Author
https://orcid.org/0000-0002-6590-3898
-
Sarychev Volodymyr
Doctor of Economics, Associate Professor, Professor of the Department of Economics and Economic Security, University of Customs and Finance, Ukraine
Author
https://orcid.org/0000-0002-8544-9901
-
Derkach Vitaliy
Candidate of Law, Senior Lecturer, Department of “Criminal Law and Criminology”, Dnipro State University of Internal Affairs, Ukraine
Author
https://orcid.org/0009-0005-3091-7850
-
Rudenko Yevheniy
Independent researcher in the field of law, State scientific institution "Institute of Information, Security and Law" of the National Academy of Legal Sciences of Ukraine, Ukraine
Author
https://orcid.org/0009-0006-5099-6274
-
Matzko Volodymyr
Independent researcher at the Department of Cybersecurity and Information Technologies, University of Customs and Finance, Ukraine
Author
https://orcid.org/0009-0007-9091-4891
DOI:
https://doi.org/10.69635/mssl.2025.1.1.18Keywords:
Cybersecurity, Metaverse, Digital Law, Identification, Artificial Intelligence, Personal Data, Blockchain, Digital Identity, Smart Contract, Regulation, Cyber DefenseAbstract
This article provides a comprehensive analysis of the legal challenges and regulatory gaps emerging in the field of cybersecurity amid the rapid development of the metaverse—a virtual environment that integrates digital reality, artificial intelligence, blockchain, and distributed data technologies. The study explores critical legal dilemmas related to user identification, personal data protection, digital property management, and the implementation of smart contracts. It is argued that traditional regulatory models based on territorial sovereignty and centralized control mechanisms are ineffective in dynamic digital ecosystems, where identity, transactions, and interactions acquire transboundary and multi-agent characteristics. The concept of cyber-jurisdiction in metaverse environments is proposed, incorporating parameters of decentralization, network sovereignty, and the protection of individual information rights. Based on a comparative analysis of approaches from the EU, the USA, South Korea, and Ukraine, the article formulates proposals for developing an adaptive legal model for cyber governance, including mechanisms for digital certification, confidential identification, and cyberethical behavioral norms in virtual space. The results of the study are of interest to scholars, legislators, cyber analysts, and metaverse developers from the perspective of regulatory unification and the establishment of digital civil rights.
References
Kostenko, O. V. (2022). Genesis of legal regulation web and the model of the electronic jurisdiction of the metaverse. Bratislava Law Review, 6(2), 21–36. https://doi.org/10.46282/blr.2022.6.2.316
European Commission. (2021). Proposal for a regulation on artificial intelligence (AI Act). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52021PC0206
European Parliament & Council. (2022). Digital Services Act. https://digital-strategy.ec.europa.eu/en/policies/digital-services-act-package
National Institute of Standards and Technology. (2020). Privacy framework. https://www.nist.gov/privacy-framework
National Institute of Standards and Technology. (2023). AI Risk Management Framework 1.0. https://www.nist.gov/itl/ai-risk-management-framework
World Economic Forum. (2023). Privacy and safety in the metaverse. https://www.weforum.org/reports/privacy-and-safety-in-the-metaverse
Bygrave, L. A. (2014). Data privacy law: An international perspective. Oxford University Press. https://global.oup.com/academic/product/data-privacy-law-9780199675555
Zuboff, S. (2019). The age of surveillance capitalism. PublicAffairs. https://www.publicaffairsbooks.com/titles/shoshana-zuboff/the-age-of-surveillance-capitalism/9781610395694
Floridi, L. (Ed.). (2020). The ethics of artificial intelligence. Oxford University Press. https://doi.org/10.1093/oxfordhb/9780198836346.001.0001
De Filippi, P., & Wright, A. (2018). Blockchain and the law: The rule of code. Harvard University Press. https://www.hup.harvard.edu/catalog.php?isbn=9780674976429
Rehm, G., et al. (2022). European language equality in the digital age. Springer. https://doi.org/10.1007/978-3-030-82786-1
UNESCO. (2021). Recommendation on the ethics of artificial intelligence. https://unesdoc.unesco.org/ark:/48223/pf0000381137
Chertoff, M., & Simon, T. (2022). The impact of the metaverse on national security and privacy. Brookings Institution. https://www.brookings.edu
Koops, B.-J. (2020). The concept of cybercrime and legal frameworks. Computer Law & Security Review, 36, 105381. https://doi.org/10.1016/j.clsr.2019.105381
Binns, R. (2018). Algorithmic accountability and transparency in justice systems. Philosophy & Technology, 31(4), 543–556. https://doi.org/10.1007/s13347-017-0263-5
Cavoukian, A. (2009). Privacy by design: The 7 foundational principles. https://www.ipc.on.ca/wp-content/uploads/resources/7foundationalprinciples.pdf
Richards, N. M., & Hartzog, W. (2014). The dangers of surveillance. Harvard Law Review, 126(7), 1934–1965. https://harvardlawreview.org/2013/06/the-dangers-of-surveillance
Taddeo, M., & Floridi, L. (2018). How AI can be a force for good. Science, 361(6404), 751–752. https://doi.org/10.1126/science.aat5991
Nissenbaum, H. (2009). Privacy in context: Technology, policy, and the integrity of social life. Stanford University Press. https://www.sup.org/books/title/?id=8864
Balkin, J. M. (2014). The three laws of robotics in the age of big data. Ohio State Law Journal, 78, 1217–1231. https://hdl.handle.net/1811/71498
Solove, D. J. (2008). Understanding privacy. Harvard University Press. https://www.hup.harvard.edu/catalog.php?isbn=9780674035072
Lyon, D. (2014). Surveillance, Snowden, and big data. Big Data & Society, 1(2). https://doi.org/10.1177/2053951714541861
van Dijck, J. (2013). The culture of connectivity. Oxford University Press. https://doi.org/10.1093/acprof:oso/9780199970773.001.0001
Helbing, D. (2015). Thinking ahead: Essays on big data and the digital revolution. Springer. https://doi.org/10.1007/978-3-319-15078-9
Allen, A. L. (2011). Unpopular privacy. Oxford University Press. https://global.oup.com/academic/product/unpopular-privacy-9780195149784
Lessig, L. (2006). Code: And other laws of cyberspace (2nd ed.). Basic Books. https://codev2.cc
Bostrom, N., & Yudkowsky, E. (2014). The ethics of AI. In Cambridge Handbook of AI (pp. 316–334). https://doi.org/10.1017/CBO9781139046855.020
Mittelstadt, B. D., Allo, P., Taddeo, M., Wachter, S., & Floridi, L. (2016). The ethics of algorithms. Big Data & Society, 3(2). https://doi.org/10.1177/2053951716679679
Tanczer, L. M., Steen, M., & Blythe, J. M. (2022). Cybersecurity governance in smart homes. Internet Policy Review, 11(2). https://doi.org/10.14763/2022.2.1676
Doneda, D., & Almeida, V. A. F. (2016). Privacy governance in cyberspace. IEEE Internet Computing, 20(2), 60–64. https://doi.org/10.1109/MIC.2016.36
Rikken, M., Hoepman, J.-H., & van den Hoven, J. (2020). Privacy patterns for online platforms. Ethics and Information Technology, 22, 123–138. https://doi.org/10.1007/s10676-019-09517-1
Wachter, S., Mittelstadt, B., & Floridi, L. (2017). Why a right to explanation does not exist. International Data Privacy Law, 7(2), 76–99. https://doi.org/10.1093/idpl/ipx005
Narayanan, A., & Shmatikov, V. (2008). Robust de-anonymization. IEEE S&P, 111–125. https://doi.org/10.1109/SP.2008.33
Cavoukian, A. (2012). Big data and innovation. https://www.ipc.on.ca/wp-content/uploads/2016/11/big-data-innovation.pdf
Böhme, R., & Moore, T. (2012). Economics of cybersecurity. Int. J. Critical Infrastructure Protection, 5(3–4), 134–143. https://doi.org/10.1016/j.ijcip.2012.09.002
Tufekci, Z. (2015). Algorithmic harms beyond big tech. Colorado Technology Law Journal, 13(1), 203–218. https://ctlj.colorado.edu/?p=1332
Gasser, U., & Almeida, V. (2017). Layered AI governance. Nature Machine Intelligence, 1(6), 272–274. https://doi.org/10.1038/s42256-019-0062-6
Mozilla Foundation. (2022). State of Mozilla and Trustworthy AI. https://foundation.mozilla.org/en/insights/trustworthy-ai
Future of Privacy Forum. (2023). Metaverse and privacy best practices. https://fpf.org
IEEE Standards Association. (2023). Standards for metaverse architecture (P2048). https://standards.ieee.org
Korea Internet & Security Agency. (2021). Cybersecurity strategy of South Korea. https://www.kisa.or.kr
Ministry of Digital Transformation of Ukraine. (2022). Cybersecurity strategy of Ukraine 2021–2025. https://thedigital.gov.ua
Published
Issue
Section
License
Copyright (c) 2025 Prokopovych-Tkachenko Dmytro, Sarychev Volodymyr, Derkach Vitaliy, Rudenko Yevheniy, Matzko Volodymyr (Author)
This work is licensed under a Creative Commons Attribution 4.0 International License.
All articles are published as open access and are licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0). This means that authors retain the copyright to the content of their articles. Under the CC BY 4.0 license, the content can be copied, adapted, displayed, distributed, republished, or otherwise reused for any purpose, including commercial use, provided that proper attribution is given to the original authors.
How to Cite
