Tobias Mahler

• Hauglid, Mathias K. & Mahler, Tobias (2023). Doctor Chatbot: The EU's Regulatory Prescription for Generative Medical AI. Oslo Law Review. ISSN 2387-3299. 10(1), p. 1–23. doi: 10.18261/olr.10.1.1. Full text in Research Archive
• Tørresen, Jim; Saplacan, Diana; Baselizadeh, Adel & Mahler, Tobias (2023). Machine Excellence Tradeoffs to Ethical and Legal Perspectives, Proceedings of the 2023 IEEE Conference on Artificial Intelligence (IEEE CAI). IEEE conference proceedings. ISSN 979-8-3503-3984-0. p. 237–240. doi: 10.1109/CAI54212.2023.00109. Full text in Research Archive Show summary

  Abstract—We appreciate well-functioning technology being able to also personalize its services. However, to protect privacy and avoid a potential misuse of personal data, we are encouraged to limit the amount of personal data we share through apps and Internet services. While some services do not really need all the data they ask us to provide, others depend on it to provide the best possible performance of its service. That regards systems that apply data in machine learning for tasks like medical diagnostics. Especially deep learning algorithms perform better by using a large amount of data and are now able to benefit from the large amount as well with limited training time given access to high-performance computing resources. This paper address and discuss the tradeoffs like the one we have between data sharing minimalization for increased privacy and data maximization for machine learning systems. Perspectives related to ethics, legal, and social issues are considered in the paper. There is no single conclusion on the challenge, but attention to it can increase the awareness that the best balance differs depending on the application addressed.

• Mahler, Tobias (2022). Regulating Artificial General Intelligence (AGI). In Custers, Bart & Fosch Villaronga, Eduard (Ed.), Law and Artificial Intelligence: Regulating AI and Applying AI in Legal Practice . T.M.C. Asser Press. ISSN 978-94-6265-522-5. p. 521–540. doi: https:/doi.org/10.1007/978-94-6265-523-2_26. Show summary

  This chapter discusses whether on-going EU policymaking on AI is relevant for Artificial General Intelligence (AGI) and what it would mean to potentially regulate it in the future. AGI is typically contrasted with narrow Artificial Intelligence (AI), which excels only within a specific given context. Although many researchers are working on AGI, there is uncertainty about the feasibility of devel- oping it. If achieved, AGI could have cognitive capabilities similar to or beyond those of humans and may be able to perform a broad range of tasks. There are concerns that such AGI could undergo recursive circles of self-improvement, potentially leading to superintelligence. With such capabilities, superintelligent AGI could be a significant power factor in society. However, dystopian superintelligence scenarios are highly controversial and uncertain, so regulating existing narrow AI should be a priority.

• Mahler, Tobias (2022). Between Risk Management and Proportionality: The Risk-Based Approach in the EU’s Artificial Intelligence Act Proposal. In Colonna, Liane & Greenstein, Stanley (Ed.), Law in the Era of Artificial Intelligence. Nordic Yearbook of Law and Informatics. ISSN 978-91-8892-964-8. p. 247–269. Show summary

  The European Commission has issued a proposal for an Artificial Intelligence (AI) Regulation1 (hereinafter ‘Proposal’ or Artificial Intelligence Act, AIA), laying down harmonised rules concerning certain AI systems in the European Union (EU). A key regulatory approach in the Proposal is that the development and use of AI systems is regulated based on risk level. The Proposal’s ‘risk-based approach’ consists of the use of risk levels as thresholds for specific requirements in the Proposal. AI systems that represent unacceptable risks are prohibited and high-risk systems must comply with specific requirements. Less risky systems must comply with fewer or no requirements.

• Fosch Villaronga, Eduard & Mahler, Tobias (2021). Cybersecurity, safety and robots: Strengthening the link between cybersecurity and safety in the context of care robots. Computer Law and Security Review. ISSN 0267-3649. 41. doi: 10.1016/j.clsr.2021.105528. Full text in Research Archive
• Schwemer, Sebastian Felix; Mahler, Tobias & Styri, Håkon (2021). Liability exemptions of non-hosting intermediaries: Sideshow in the Digital Services Act? Oslo Law Review. ISSN 2387-3299. 8(1), p. 4–29. doi: 10.18261/ISSN.2387-3299-2021-01-01. Full text in Research Archive
• Fosch-Villaronga, Eduard; Felzmann, Heike; Ramos-Montero, Maria & Mahler, Tobias (2018). Cloud services for robotic nurses? Assessing legal and ethical issues in the use of cloud services for healthcare robots. IEEE International Conference on Intelligent Robots and Systems. Proceedings. ISSN 2153-0858. doi: 10.1109/IROS.2018.8593591. Full text in Research Archive Show summary

  This paper explores ethical and legal implications arising from the intertwinement of cloud services, healthcare and robotics. It closes an existing gap in the literature by highlighting the distinctive ethical and legal concerns associated with the inter-dependence of the cyber- and the physical aspects of healthcare cloud robotics. The identified core concerns include uncertainties with regard to data protection requirements; distributed responsibilities for unintended harm; achievement of transparency and consent for cloud robot services especially for vulnerable robot users; secondary uses of cloud data derived from robot activities; data security; and wider social issues. The paper aims to raise awareness and stimulate reflection of the legal and ethical impacts on different stakeholders arising from the use of cloud services in healthcare robotics. We show that due to the complexity of these concerns the design and implementation of such robots in healthcare requires an interdisciplinary development and impact assessment process. In light of legal requirements and ethical responsibilities towards end-users and other stakeholders, we draw practical considerations for engineers developing cloud services for robots in healthcare.

• McGillivray, Kevin; Esayas, Samson Yoseph & Mahler, Tobias (2016). Is a Picture Worth a Thousand Terms? Visualising Contract Terms and Data Protection Requirements for Cloud Computing Users. Lecture Notes in Computer Science (LNCS). ISSN 0302-9743. 9881, p. 39–56. doi: 10.1007/978-3-319-46963-8_4. Show summary

  The following article evaluates two models for providing purchasers of online digital content, including cloud computing services, with visual notice of contract terms and data collection practises. Visualisation of contract terms and privacy policies has the potential to provide cloud consumers with an improved means of understanding the contract terms they are accepting when entering into an agreement with a Cloud Service Provider (CSP). The following paper examines two concrete proposals or models for the visualisation of contract terms and privacy practises as compliance tools in the European context. The article focuses primarily on consumer and data protection law. Although the visualisation models are not currently binding or legally required, they start an important conversation on how such terms can be more effectively conveyed.

• Mahler, Tobias & Solhaug, Bjørnar (2016). En konseptuell modell for ugyldighet. In Hjelmeng, Erling Johan (Eds.), Ugyldighet i privatretten - minnebok for Viggo Hagstrøm. Fagbokforlaget. ISSN 978-82-450-1808-0. p. 307–335.
• Esayas, Samson Yoseph; Mahler, Tobias; Seehusen, Fredrik; Bjørnstad, Frode & Brubakk, Veda (2015). An integrated method for compliance and risk assessment. In Samarati, Pierangela & Noubir, Guevara (Ed.), 2015 IEEE Conference on Communications and Network Security (CNS), Florence, 28-30 September, 2015. IEEE conference proceedings. ISSN 978-1-4673-7876-5. p. 568–576. doi: 10.1109/CNS.2015.7346870. Show summary

  This paper presents an integrated method for risk and compliance assessment and its evaluation in a case study. The sophistication with which modern business is carried out and the unprecedented access to a global market means that businesses are exposed to diverse regulatory requirements in and across jurisdictions. Compliance with such requirements is practically challenging, partly due to the complexity of regulatory environments. One possibility in this regard is a riskbased approach to compliance where resources are allocated to those compliance issues that are most risky. Despite the need for risk-based compliance, few specific methods and techniques for identifying and modeling compliance risks have been developed. The lack of methodological and tool support means the compliance risk identification often involves unstructured brainstorming, with uncertain outcomes. As part of the integrated method, a structured approach for the identification of compliance risks and their graphical modelling is provided. The main goal of the structured approach is to facilitate the identification and assessment of compliance risks and their subsequent documentation in a consistent and reusable fashion. The method is applied in a case study with the aim of assessing the compliance concerns in adopting cloud services. Our experience in the case study demonstrates that the integrated method enables a better structuring in the identification of compliance risks and yields reusable results. As well, the method facilitates communication among different expertise and mitigates subjectivity in making compliance decisions.

• Blandhol, Sverre & Mahler, Tobias (2015). Advokaten i fremtiden. In Knudtzon, Sigurd (Eds.), Å være advokat. Universitetsforlaget. ISSN 9788215025230. p. 24–60.
• Esayas, Samson Yoseph & Mahler, Tobias (2015). Modelling compliance risk: a structured approach. Artificial Intelligence and Law. ISSN 0924-8463. 23(3), p. 271–300. doi: 10.1007/s10506-015-9174-x. Show summary

  This article presents a structured and systematic approach for identifying and modelling compliance risks. The sophistication with which modern business is carried out and the unprecedented access to a global market means that businesses are exposed to increasing and diverse regulatory requirements in and across jurisdictions. Compliance with such requirements is practically challenging, partly due to the complexity of regulatory environments. One possibility in this regard is a risk-based approach to compliance, where resources are allocated to those compliance issues that are most risky. Despite the need for risk-based compliance, few specific methods and techniques for identifying and modelling compliance risks have been developed. Due to the lack of methodological and tool support, compliance risk identification often involves unstructured brainstorming, with uncertain outcomes. The proposed approach consists of a five-step process for the structured identification and assessment of compliance risks. This process aims at facilitating the identification of compliance risks and their documentation in a consistent and reusable fashion. As part of the process, the article provides a systematic approach for a graphical modelling of compliance risks, which aims at facilitating communication among experts from different backgrounds. The creation of graphical models can be partly automated based on natural language patterns for regulatory requirements. Furthermore, the structuring of the compliance requirement in a template aims at simplifying the modelling of compliance risks and facilitating a potential future automated model.

• Mahler, Tobias (2014). A gTLD right? Conceptual challenges in the expanding internet domain namespace. International Journal of Law and Information Technology. ISSN 0967-0769. 22(1), p. 27–48. doi: 10.1093/ijlit/eat018.
• Mahler, Tobias (2014). Assessing Legal Risks of Closed Generic Top-Level Domains . European Journal of Law and Technology. ISSN 2042-115X. 5(3).
• Mahler, Tobias (2014). Rechtsansprüche auf generische Top-Level Domains (gTLDs) nach der Marktliberalisierung - Eine kritische Untersuchung zentraler Begriffe des Domainnamensrechts . Juridikum (Wien). ISSN 1019-5394. p. 522–532.
• Mahler, Tobias (2013). Governance Models for Interoperable Electronic Identities. Journal of International Commercial Law and Technology. ISSN 1901-8401. 8(2), p. 148–159. Show summary

  Current implementations of electronic identity in Europe are rather diverse; they include state-driven identity management frameworks as well as private sector frameworks and different forms of public-private collaborations. This diversity may represent a major challenge for the deployment of information society services addressed towards the European internal market. This raises the question: How can we achieve interoperability of electronic identities across Europe, and potentially beyond Europe’s borders? This paper argues that the interoperability of electronic identity could be governed by a multi-stakeholder governance framework that brings together different parties with interests in the provision and use of electronic identities. Such a governance framework could, for example, consist in designing and operating a portal with common functionalities that allows interoperable authentication across multiple domains and contexts. Inspiration for the governance of such a portal could come both from existing successful implementations of electronic identity and from multi-stakeholder institutions that have proven useful in Internet governance.

• Mahler, Tobias (2013). A Graphical User-Interface for Legal Texts? In Svantesson, Dan Jerker B. & Greenstein, Stanley (Ed.), Internationalisation of Law in the Digital Information Society: Nordic Yearbook of Law and Informatics 2010–2012. Ex Tuto Publishing. ISSN 978-87-92598-22-6. p. 311–327.
• Mahler, Tobias (2012). Die Durchsetzbarkeit von Schranken-Schranken der Internetfreiheit. In Kleinwächter, Wolfgang (Eds.), Grenzen der Internetfreiheit. MIND Multistakeholder Internet Dialog. CO:LLABORATORY DISCUSSION PAPER SERIES NO. 1, #3. Internet & Gesellschaft Co:llaboratory. ISSN 978-3-9503139-6-3. p. 69–72.
• Jøsang, Audun; Fritsch, Lothar & Mahler, Tobias (2010). Privacy Policy Referencing. Lecture Notes in Computer Science (LNCS). ISSN 0302-9743. 6264, p. 129–140. Show summary

  Data protection legislation was originally defined for a context where personal information is mostly stored on centralized servers with limited connectivity and openness to 3rd party access. Currently, servers are connected to the Internet, where a large amount of personal information is continuously being exchanged as part of application transactions. This is very different from the original context of data protection regulation. Even though there are rather strict data protection laws in an increasing number of countries, it is in practice rather challenging to ensure an adequate protection for personal data that is communicated on-line. The enforcement of privacy legislation and policies therefore might require a technological basis, which is integrated with adequate amendments to the legal framework. This article describes a new approach called Privacy Policy Referencing, and outlines the technical and the complementary legal framework that needs to be established to support it.

• Jøsang, Audun; Fritsch, Lothar & Mahler, Tobias (2010). Privacy Policy Referencing. In Katsikas, Sokratis K.; Lopez, Javier & Soriano, Miguel (Ed.), TrustBus, Trust, Privacy and Security in Digital Business, 7th International Conference, TrustBus 2010, Bilbao, Spain, August 30-31, 2010. Proceedings, Lecture Notes in Computer Science 6264. Springer. ISSN 978-3-642-15151-4.
• Mahler, Tobias; Ranheim, Malin Renate & Cojocarasu, Dana Irina (2010). Hvordan vurderer nasjonale domstoler datalagringsdirektivet opp mot grunn- og menneskerettigheter? In Schartum, Dag Wiese (Eds.), Overvåking i en rettsstat. Fagbokforlaget. ISSN 978-82-450-1048-0. p. 149–166. Show summary

  Datalagringsdirektivet har vært omdiskutert helt siden det første forslaget ble fremmet. Et sentralt punkt for direktivets motstandere er at det strider mot menneskerettighetene i den europeiske menneskerettighetskonvensjonen (EMK) og respektive grunnrettighetskataloger i nasjonale forfatninger. I skrivende stund er direktivets fremtid åpen. EU skal evaluere direktivet, og mens noen land fortsatt diskuterer om og eventuelt hvordan direktivet skal gjennomføres, har andre land allerede fått prøvd sine datalagringslover for domstolene. På nåværende tidspunkt har verken den europeiske menneskerettighetsdomstolen i Strasbourg, (EMD) eller EU domstolen i Luxemburg, (EUD) tatt stilling til om direktivet eller datalagringslovene strider mot menneskerettighetene. Denne artikkelen omhandler tre dommer fra henholdsvis Bulgaria, Romania og Tyskland, som alle har erklært de respektive nasjonale lovene for grunnlovsstridige. Vi er ikke kjent med saker der datalagringslover har blitt prøvet uten at den respektive domstolen har funnet brudd med menneskerettighetene. Til tross for at domstolenes argumentasjon kretser rundt direktivets gjennomføring i nasjonalt rett, har de fleste av argumentene i disse dommene en overføringsverdi på flere plan. For det første kan de brukes som en veiledning for eventuelt å gjennomføre direktivet på en måte som ikke strider mot menneskerettighetene. Dette forutsetter imidlertid at man, som i den tyske dommen, mener at det i det hele tatt er mulig å gjennomføre direktivet uten å krenke retten til privatliv etter EMK art 8. Alternativt kan argumentene i dommene få betydning dersom andre lands datalagringslover blir et tema ved en nasjonal eller europeisk domstol. Og for det tredje vil EUs evaluering av direktivet også måtte ta stilling til hvorvidt direktivets virkeområde bør utvides for å inkludere teknologier og bruksmåter (for eksempel sosiale medier) som per i dag ikke er direkte omfattet av lagringsplikten. På denne bakgrunn mener vi det er av interesse å sammenligne de sentrale argumentene fra de tre dommene og analysere overføringsverdien, bl.a. i lys av EMDs rettspraksis.

• Mahler, Tobias & Ranheim, Malin Renate (2010). Datalagringsdirektivet og den tyske grunnloven. Lov & Data. ISSN 0800-7853. p. 19–23.
• Mahler, Tobias (2009). Una definición de riesgo legal. Foro de Derecho Mercantil: Revista Internacional. ISSN 1794-0427. p. 78–113.
• Mahler, Tobias (2008). The State of the Art of Contractual Risk Management Methodologies. In Haapio, Helena (Eds.), A Proactive Approach to Contracting and Law. Turku University Applied Sciences. ISSN 9789522160171. p. 57–74.
• Arenas, A; Wilson, M; Crompton, S; Mahler, Tobias; Schubert, L & Cojocarasu, Dana Irina (2008). Bridging the gap between legal and technical contracts. IEEE Internet Computing. ISSN 1089-7801. 12.
• Mahler, Tobias & Olsen, Thomas (2007). Reputation Systems and Data Protection Law. In Sudarashan, Nimma (Eds.), Data Privacy and Protection : Issues and Perspectives. The Icfai University Press. ISSN 81-314-1375-6. p. 38–51.
• Vraalsen, Fredrik; Mahler, Tobias; Lund, Mass Soldal; Hogganvik, Ida; den Braber, Folker & Stølen, Ketil (2007). Assessing Enterprise Risk Level : the CORAS Approach. In Khadraoui, Djamel & Herrmann, Francine (Ed.), Advances in Enterprise Information Technology Security. IGI Global. ISSN 978-1-59904-090-5. p. 311–333.
• Olsen, Thomas & Mahler, Tobias (2007). Identity management and data protection law: Risk, responsibility and compliance in "Circles of Trust". Computer Law and Security Review. ISSN 0267-3649. 23(4& 5). doi: 10.1016/j.clsr.2007.05.009. Show summary

  Today, we are expected to remember a different user name and password for almost every organisation or domain we want to access on the Internet. Identity management seeks to solve this problem by making digital identities transferable across organisational boundaries. The basic idea is that the participating organisations will set up a collaboration (or circle of trust), which involves both identity providers and other service providers. However, there is a risk that identity management may reduce the users' level of privacy: can the collaborating organisations collect personal information and create a profile which includes the user's interaction with all collaborators? Who is responsible for the processing of personal data if many organisations collaborate? How can the user make informed decisions and consent to the processing of his data? This article seeks to address these issues from the perspective of European data protection law. The paper is split into two parts. This is part I, which introduces and analyses identity management with a focus on technical issues and risks to privacy. Part II will concentrate on data protection law, addressing the roles and responsibilities of collaborators and will analyse how to ensure a compliant interaction with the end-user.

• Olsen, Thomas; Mahler, Tobias; Seddon, Clive; Cooper, Vicky; Williams, Sarah & Valdes, Miguel [Show all 7 contributors for this article] (2007). Privacy & Identity Management : Data Protection Issues in Relation to Networked Organisations Utilizing Identity Management Systems. Complex. ISSN 0806-1912. Show summary

  Today, we are expected to remember a different user name and password for almost every organisation or domain we want to access on the Internet. Identity management seeks to solve this problem by making digital identities transferable across organisational boundaries. The basic idea is that the participating organisations will set up a collaboration (or circle of trust) which involves both identity providers and other service providers. However, there is a risk that identity management may reduce the users' level of privacy: Can the collaborating organisations collect personal information and create a profile which includes the user's interaction with all collaborators? Who is responsible for the processing of personal data if many organisations collaborate? How can the user make informed decisions and consent to the processing of his data? This report seeks to address these issues from the perspective of European data protection law.

• Bing, Jon & Mahler, Tobias (2006). Contractual Risk Management in an ICT Context Searching for a Possible Interface between Legal Methods and Risk Analysis. In Torvund, Olav & Pettersen, Kirsti (Ed.), Yulex 2006. Unipub forlag. ISSN 82-7226-100-6. p. 117–138.
• Mahler, Tobias & Vraalsen, Fredrik (2006). Legal Risk Management for an E-Learning Web Services Collaboration. Complex. ISSN 0806-1912. p. 503–523.
• Mahler, Tobias & Bing, Jon (2006). Contractual risk management in an ICT context searching for a possible interface between legal methods and risk analysis. Scandinavian Studies in Law. ISSN 0085-5944. 49, p. 339–357.
• Vraalsen, Fredrik; Lund, Mass Soldal; Mahler, Tobias; Parent, Xavier & Stølen, Ketil (2005). Specifying legal risk scenarios using the CORAS threat modelling language - Experiences and the way forward. Lecture Notes in Computer Science (LNCS). ISSN 0302-9743. 3477.
• Mahler, Tobias & Olsen, Thomas (2004). Reputation Systems and Data Protection Law. In Cunningham, Paul & Cunningham, Miriam (Ed.), eAdoption and the Knowledge Economy : Issues, Applications, Case Studies. IOS Press. ISSN 1-58603-470-7. p. 180–187.

View all works in Cristin

• Mahler, Tobias (2019). Generic Top-Level Domains: A Study of Transnational Private Regulation. Edward Elgar Publishing. ISBN 978-1-78643-513-2. 280 p.
• McGillivray, Kevin; Esayas, Samson Yoseph & Mahler, Tobias (2016). Give Me a Sign: Expressing Contract Terms and Data Protection Requirements Visually in Cloud Computing. Senter for Rettsinformatikk. ISBN 9788272261428. 1(2016). 20 p.

View all works in Cristin

• Mahler, Tobias (2023). Regulatory steps towards robot autonomy in healthcare settings.
• Mahler, Tobias (2023). Perspektiver på global regulering av kunstig intelligens.
• Mahler, Tobias (2023). The discourse on global AI policy.
• Mahler, Tobias (2023). Legal requirements for Robot Safety and Privacy – contrasting the Machinery Regulation with the GDPR.
• Mahler, Tobias (2023). Kunstig intelligens og tolletaten.
• Mahler, Tobias (2023). Behov for regulating av kunstig intelligens.
• Mahler, Tobias (2023). §147 ChatGPT – advokatroboter neste? [Radio]. Podcast Juspodden.
• Tørresen, Jim; Saplacan, Diana & Mahler, Tobias (2023). Ethical, Legal and User Perspectives on Social and Assistive Robots (ELUPSAR) workshop.
• Hjort, Live Sunniva & Mahler, Tobias (2023). EU har lenge arbeidet med verdens første KI-lov. Her er fem misforståelser om den. Aftenposten (morgenutg. : trykt utg.). ISSN 0804-3116. p. 28–29.
• Mahler, Tobias (2022). Legal Risk Management and Corruption Risks.
• Mahler, Tobias (2022). Forklarbar maskinlæring i lys av EUs foreslåtte KI forordning.
• Tørresen, Jim; Atsushi, Nazawa; Saplacan, Diana; Prestes, Edson; Mahler, Tobias & Weng, Yueh-Hsuan (2022). Tutorial at IROS 2022 - Ethical, Legal and User Perspectives on Robots and Systems (ELAUPORAS) – Assessments and Potential Measures.
• Lie, Runar Hilleren & Mahler, Tobias (2022). Et nettverk av nordiske rettskilder.
• Mahler, Tobias (2022). AI Research and Europe’s Upcoming AI Law. Show summary

  Much of the discourse regarding trustworthy AI systems has emphasised the significance of AI ethics. By comparison, this keynote will focus on the legal regulation of AI in Europe. In 2021, the European Commission proposed a new law to regulate AI in Europe, the Artificial Intelligence Act (AIA). An important question is what this law will mean for scientific research with an AI focus. The talk will also discuss what the law, if adopted, would imply for AI developers. Ultimately, the question is whether the AIA facilitates the creation of trustworthy AI in Europe, or whether it might limit Europe’s abilities to develop competitive AI systems.

• Bygrave, Lee Andrew; Mahler, Tobias & Lintvedt, Mona Naomi (2022). AI Act og Norges handlingsrom .
• Mahler, Tobias (2022). Nye regler om kunstig intelligens.
• Mahler, Tobias (2021). Perspectives on Cybergovernance.
• Mahler, Tobias (2021). Nytt rammeverk fra EU om kunstig intelligens. Show summary

  EU-kommisjonen arbeider med et forslag til juridisk rammeverk for kunstig intelligens gjennom en ny forordning. Den nye forordningen vil på samme måte som GDPR på personvernområdet innebære felles regler i alle EU/EØS-land og innføring av overtredelsesgebyr.

• Mahler, Tobias (2021). Menneske mot maskin. Fordeler og ulemper ved bruken av AI.
• Mahler, Tobias (2021). Rett og roboter.
• Tørresen, Jim; Saplacan, Diana; Lintvedt, Mona Naomi; Mahler, Tobias & Fosch-Villaronga, Eduard (2021). Tutorial: Ethical and Legal Assessments Related to Robots and Systems .
• Saplacan, Diana; Tørresen, Jim; Mahler, Tobias & Fosch-Villaronga, Eduard (2021). Robots and Society: Ethical, Legal, and Technical Perspectives on Integrating Robots in the Home- and Healthcare Systems and Services (RO-SO). Show summary

  The RO-SO tutorial is a continuation of the previous tutorials regarding robots, ethics, legal, and technical aspects. The tutorial is part of the 30th IEEE International Conference on Robot and Human Interactive Communication (ROMAN 2021). It focuses on providing an overview and discussing the ethical, legal, and technical perspectives, including challenges, dilemmas, and advantages and opportunities of integrating robots as part of home- and healthcare systems and services. The following two questions will guide the overall objective for this tutorial, but these will not limit the talks: How does the meaning of good care change when we integrate robots as part of the home- and healthcare systems and services? What does good care mean when we integrate assistive robots as part of the home- and healthcare services? What are some of the ethical, legal, and technical challenges and opportunities when integrating assistive care robots in the home- and healthcare services?

• Mahler, Tobias & Schwemer, Sebastian Felix (2020). Reforming the liability of non-hosting intermediaries.
• Mahler, Tobias (2020). Regulating AI Risk.
• Aronsen, Jan Magnus; De Smedt, Koenraad; Heggland, Ingrid; Dingsør, Liv; Tronstad, Stein & Pedersen, Ole Petter [Show all 8 contributors for this article] (2020). Hvordan få økt deling og gjenbruk av forskningsdata? Khrono.no. ISSN 1894-8995.
• Mahler, Tobias (2020). The intermediary liability of DNS actors.
• Mahler, Tobias (2020). Regulering av kunstig intelligens og oversikt over rettsutviklingen i EU.
• Mahler, Tobias (2019). Robot impact assessments: A suitable regulatory mechanism for addressing robot deception?
• Mahler, Tobias (2019). Robots and Artificial Intelligence on the EU Regulatory Agenda.
• Mahler, Tobias & Eduard, Fosch Villaronga (2019). Cybersecurity Considerations for (Care) Robots.
• Mahler, Tobias (2019). Robot impact assessments.
• Mahler, Tobias (2019). Robotik, artificiell intelligens, skador och försäkringsrätten; kommentar.
• Mahler, Tobias (2019). Multistakeholderism in the Transnational Private Regulation of the Internet.
• Mahler, Tobias (2019). The future of Law: Regulating robots and AI.
• Mahler, Tobias; Bygrave, Lee Andrew & Tørresen, Jim (2019). The VIROS Project: Vulnerability in the Robot Society.
• Mahler, Tobias (2019). Introduction to Robot law.
• Mahler, Tobias (2019). The VIROS project: Vulnerability in the Robot Society.
• Mahler, Tobias (2019). Rett og roboter.
• Mahler, Tobias (2019). Rettslige problemstillinger rundt kunstig intelligens.
• Mahler, Tobias (2018). Hvordan forholder jussen seg til AI?
• Mahler, Tobias (2018). ‘ICANN Shall not Regulate’: A Critical Analysis of ICANN’s Post-Transition Regulatory Powers.
• Fosch-Villaronga, Eduard; Felzmann, Heike; Ramos-Montero, Maria & Mahler, Tobias (2018). Cloud services for robotic nurses? Assessing legal and ethical issues in the use of cloud services for healthcare robots. Show summary

  This paper explores ethical and legal implications arising from the intertwinement of cloud services, healthcare and robotics. It closes an existing gap in the literature by highlighting the distinctive ethical and legal concerns associated with the inter-dependence of the cyber- and the physical aspects of healthcare cloud robotics. The identified core concerns include uncertainties with regard to data protection requirements; distributed responsibilities for unintended harm; achievement of transparency and consent for cloud robot services especially for vulnerable robot users; secondary uses of cloud data derived from robot activities; data security; and wider social issues. The paper aims to raise awareness and stimulate reflection of the legal and ethical impacts on different stakeholders arising from the use of cloud services in healthcare robotics. We show that due to the complexity of these concerns the design and implementation of such robots in healthcare requires an interdisciplinary development and impact assessment process. In light of legal requirements and ethical responsibilities towards end-users and other stakeholders, we draw practical considerations for engineers developing cloud services for robots in healthcare.

• Mahler, Tobias (2015). Desafíos de la Privacidad Digital (panel).
• Weitzenboeck, Emily Mary; Mahler, Tobias & Jones, Andrew J.I. (2015). Introduction. Artificial Intelligence and Law. ISSN 0924-8463. 23(3), p. 197–199. doi: 10.1007/s10506-015-9171-0.
• McGillivray, Kevin; Esayas, Samson Yoseph & Mahler, Tobias (2015). Using Technology to Enhance Confidentiality and Regulatory Compliance by Design. Lov & Data. ISSN 0800-7853. 123(3), p. 21–24.
• Esayas, Samson Yoseph; Mahler, Tobias & Solhaug, Bjørnar (2015). An Integrated Approach for Compliance and Security Risk Assessment. Lov & Data. ISSN 0800-7853. 121, p. 32–35. Show summary

  Organizations that rely on ICT infrastructures need to maintain a high level of information security and protection from cyber-attacks. This is not only due to the self-interest of protecting business critical infrastructures; it is also due to laws that deal with information security. For this reason, technical and legal risks often need to be understood in combination. The RASEN project proposes an approach to integrate compliance and security risk assessment.

• Mahler, Tobias (2014). Visualisation of legal norms, Jon Bing: En Hyllest/A Tribute. Gyldendal Norsk Forlag A/S. ISSN 9788205468504. p. 137–153.
• Mahler, Tobias (2014). New Generic Top Level Domains: Legal and Economic Issues.
• Mahler, Tobias (2013). New gTLD Agreement.
• Mahler, Tobias (2013). eSociety Legal Issues.
• Mahler, Tobias (2013). Public Policy Issues Regarding New Generic Top Level Domains.
• Mahler, Tobias (2013). Vurdering av personvernkonsekvenser -- Privacy Impact Assessment.
• Mahler, Tobias (2012). From Delegation to Allocation: On the Law and Economics of gTLD Policy.
• Mahler, Tobias (2012). Internet Governance and new gTLDs.
• Mahler, Tobias (2012). Managing legal risks of new gTLDs.
• Mahler, Tobias (2012). New top-level domains: Regulatory issues, dispute resolution and rights protection.
• Mahler, Tobias (2012). Criteria for Assessing ICANN’s New TLD Program.
• Mahler, Tobias (2012). A Graphical User Interface for Legal Texts?
• Mahler, Tobias (2012). Nye Internett Toppdomener.
• Mahler, Tobias (2011). Legal Risk Assessment of Introducing a New Internet Top-Level Domain. Show summary

  Internet top-level domains such as .com, .org, .de and .uk are central for the functioning of the Internet. So far, their number has been very limited, but this will change in the proximate future. After years of discussions, the Internet Corporation for Assigned Names and Numbers (ICANN) is opening up the application process for new generic top-level domains (gTLDs). Proposals are likely to include both genuinely generic names such as .music, .bike or .bank and geographic names and abbreviations such as .berlin, .paris and .nyc. In addition, several major corporations are expected to register their brand names as top-level domains. The introduction of a new gTLD is sought by many applicants in order to offer registry services in an expanding market for Internet domain names. In some cases new gTLDs may also facilitate novel and innovative business models. On the other hand, applying for a new gTLD can be quite costly, since an applicant has to disburse inter alia a substantial application fee and possible costs of an auction, in addition to start-up costs. Applicants therefore need to carefully assess and manage risks related to the project of introducing a new gTLD. From the applicant’s perspective, relevant risks can be related to the business model, to the applicant’s financial situation or to operational, technical and legal issues. The assessment of legal risks – which is the key focus for this paper – is essential for any applicant, for at least two reasons. First, it is in the interest of the applicant to identify and manage legal risks in an early phase when cost-efficient proactive action is still possible. In addition, all applicants even need to include a contingency plan in their applications, and the quality of this plan will count for the application’s success. This explicitly includes the relevance of any regulation, law or policy that might impact the project. Applicants are evaluated based on a scoring system, and in order to achieve the highest score, they must show that they have thoroughly identified the key risks and the chances that each will occur, including legal risks.

• Mahler, Tobias (2011). New generic Top-Level-Domains (gTLDs).
• Mahler, Tobias (2011). Analyse av kontraktsrisiko.
• Mahler, Tobias (2011). Rettslige krav til risikovurderinger for IDforvaltning.
• Mahler, Tobias (2011). Legal Risk Management as a Methodical Perspective on Uncertainty and Complexity.
• Mahler, Tobias (2011). Hvordan kan rettslige spørsmål integreres i en risikovurdering?
• Mahler, Tobias (2011). Datalagringsdirektivet slik tyske og rumenske domstoler har vurdert det.
• Mahler, Tobias (2010). The lawyer in 2020.
• Mahler, Tobias (2010). Juridisk risikostyring i ID-systemer: Verktøybasert kontraktanalyse.
• Mahler, Tobias (2010). Lagringsdirektivet kan koste 2 Mrd. [Newspaper]. Computerworld.
• Mahler, Tobias (2010). Juristisches Risikomanagement: Eine Methode zur Ergänzung rechtlicher Analysen?
• Mahler, Tobias (2009). Jurister på vei til Neandertal? Omtale av Richard Susskind: The end of lawyers? Lov & Data. ISSN 0800-7853. p. 20–21.
• Mahler, Tobias (2009). Visualising legal risk.
• Mahler, Tobias (2009). Rettslige risikovurderinger: metoder og modeller.
• Mahler, Tobias (2009). Hvordan analysere legale risikoaspekter i tillitshåndtering?
• Mahler, Tobias (2009). Legal risk management.
• Mahler, Tobias (2009). Visualising Legal Risk.
• Mahler, Tobias (2008). How can we analyze contractual risk? Contracting Excellence. ISSN 1937-9765. 1(5), p. 15–16.
• Mahler, Tobias (2008). Defining Legal Risk. In Nystén-Haarala, Soili (Eds.), Corporate Contracting Capabilities : Conference proceedings and other writings. University of Joensuu, Department of Law. ISSN 978-952-219-126-7. p. 51–77. Show summary

  What is legal risk? This category of risk is often mentioned in the context of enterprise risk management and financial risk management. Legal risk also is a central concept in legal risk management. However, the definitions given for legal risk differ widely, and no generally accepted notion of legal risk seems to exist. The objectives of this paper are to review, systematize and analyse existing definitions of legal risk. This paper proposes a context-independent definition and classification of legal risk, based on norm theory.

• Mahler, Tobias (2008). A method for legal risk management, exemplified in a case study on IT outsourcing.
• Mahler, Tobias (2008). Rettslig risiko og compliance.
• Mahler, Tobias (2007). Defining Legal Risk. Show summary

  What is legal risk? This category of risk is often mentioned in the context of enterprise risk management and financial risk management. Legal risk also is a central concept in legal risk management. However, the definitions given for legal risk differ widely, and no generally accepted notion of legal risk seems to exist. The objectives of this paper are to review, systematize and analyse existing definitions of legal risk. This paper proposes a context-independent definition and classification of legal risk, based on norm theory.

• Mahler, Tobias (2007). A Case Study on Legal Risk Management in ICT Outsourcing.
• Mahler, Tobias (2006). Sikkerhetspolicies som normative virkemidler for å oppnå informasjonssikkerhet.
• Mahler, Tobias (2006). The concept of legal risk in the context of legal risk management.
• Mahler, Tobias; Arenas, Alvaro & Schubert, Lutz (2006). Contractual Frameworks for Enterprise Networks & Virtual Organisations in E-Learning. Show summary

  The increasing demand for business collaborations over the Internet (eBusiness) requires prospective partners to set up their cooperation in a timely fashion, without loosing time with negotiating complicated legal contracts. On the other hand, if problems arise, collaborators will want to fall back on a contractual framework that adequately addresses the main legal issues. Electronic collaborations cover a wide variety of application domains, potentially involving parties from different countries and thus from different legal backgrounds – much more complex than what most approaches to electronic contracts are able to cover, since they mainly focus on specifying selected operational terms. This paper will therefore outline an approach towards a contractual framework that combines operational electronic contracts with a more long-term legal framework, which caters for both organisational and business issues of electronic collaborations. This will be exemplified with a business scenario in the field of eLearning.

• Mahler, Tobias (2006). Privacy and Identity Management.
• Mahler, Tobias (2006). TrustCoM, et EU-prosjekt om rammeverket for virtuelle organisasjoner og elektroniske markedsplasser. Juridisk risikoanalyse av eLearning case.
• Mahler, Tobias & Vraalsen, Fredrik (2006). Legal Risk Management for an E-Learning Web Services Collaboration.
• Olsen, Thomas & Mahler, Tobias (2006). Privacy and Identity Management.
• Olsen, Thomas; Mahler, Tobias; Seddon, Clive; Cooper, Vicky; Williams, Sarah & Valdes, Miguel [Show all 7 contributors for this article] (2005). Privacy in Relation to Networked Organisations and Identity Management. Yulex. ISSN 1503-5999. p. 57–67. Show summary

  This paper summarizes the findings of the study on privacy in relation to networked organisations and identity management, carried out by the Legal-IST project (www.legal-ist.org). The focus of the study is on privacy and data protection aspects of networked organisations and on the use of identity management technologies, in particular multi-organisation single sign-on and federated identity management. In principle, both networked organisations and organisational networks to facilitate identity management may involve the processing of personal data, particularly if the networks are set up to serve consumers. From a data protection perspective, the main issue to be addressed is how the responsibility for processing personal data can be shared among the participants and the degree to which a network participant is legally responsible for collective processing of personal data. The study provides an analysis of the networking parties’ duties and roles under data protection law and provides guidelines and model contracts to comply with the legal framework. The European data protection framework for collaborative networks is highlighted, including selected recommendations of the Art 29 Working Party of the European Directive on Data Protection. Organisational networks to facilitate identity management are discussed both in relation to government-built networks and, in particular, in relation to identity management schemes set up by a network of enterprises

• Mahler, Tobias (2005). TrustCoM - Rechtliche Voraussetzungen für Vertrauen in virtuellen Organisationen.
• Mahler, Tobias (2005). Searching for interfaces between legal methods and risk analysis.
• Wilson, Michael; Arenas, Alvaro; Chadwick, David; Dimitrakos, Theo; Doser, Jürgen & Golby, David [Show all 16 contributors for this article] (2005). The TrustCoM Framework v0.5.
• Vraalsen, Fredrik; Lund, Mass Soldal; Mahler, Tobias; Parent, Xavier & Stølen, Ketil (2005). Specifying Legal Risk Scenarios Using the CORAS Threat Modeling Language. Experiences and the Way Forward.
• Mahler, Tobias & Vraalsen, Fredrik (2005). Legal Risk Analysis with Respect to IPR in a Collaborative Engineering Virtual Organization. Show summary

  Establishing and operating a virtual organization implies a number of challenges from many different perspectives, including socio-economic, organizational, legal and computational issues. This paper focuses on the legal aspects with a particular view on legal risks with respect to intellectual property rights. A risk analysis with respect to legal issues can either be based on abstract legal reasoning or it can focus on the business reality and the specific characterizations of the virtual organization. This paper follows the latter approach; it presents selected findings of a legal risk analysis of a business scenario in the collaborative engineering field. The legal risk analysis was performed in collaboration between lawyers and other professionals in order to highlight how different legal and non-legal aspects relate to each other. Graphical models of risks and treatments were utilized in order to reduce communicational barriers between experts in this multidisciplinary setting.

• Cooper, Vicky; Conte, Marco & Mahler, Tobias (2005). Legal Issues in SME Clusters.
• Mahler, Tobias (2004). Bruk av CORAS for juridisk risikoanalyse.
• Mahler, Tobias & Olsen, Thomas (2004). Rettslige problemer knyttet til bruk av anonymitetsservere på Internett.
• Mahler, Tobias & Olsen, Thomas (2004). Omdømmesystemer.
• Mahler, Tobias & Olsen, Thomas (2004). Reputation Systems and Data Protection Law. Show summary

  Reputation systems can be used to provide relevant information about others when we interact with persons we do not know. However, reputation systems are challenged by concerns about privacy and data quality. This paper assesses how data protection law affects the design and the operation of reputation systems.

• Mahler, Tobias & Olsen, Thomas (2004). Reputation Systems and Data Protection Law.
• Mahler, Tobias (2004). Tillit og sikkerhet i virtuelle organisasjoner -- fra et juridisk perspektiv.
• Krogstie, John; Storsul, Tanja; Frigessi, Arnoldo; Lyngstad, Cathrine Pihl; Andreassen, Eirik & Martinkenaite, Ieva [Show all 13 contributors for this article] (2023). Overordnede tiltak - Andre notat fra rådgivende ekspertgruppe for KI-satsingen. Norges forskningsråd.
• Storsul, Tanja; Rettberg, Jill Walker; Brandtzæg, Petter Bae; Frigessi, Arnoldo; Strumke, Inga & Mahler, Tobias [Show all 12 contributors for this article] (2023). 1. notat fra rådgivende ekspertgruppe for KI-satsingen: Nåsituasjon og forventninger. Forskningsrådet.
• Aronsen, Jan Magnus; De Smedt, Koenraad; Heggland, Ingrid; Dingsør, Liv; Tronstad, Stein & Pedersen, Ole Petter [Show all 10 contributors for this article] (2021). Hvordan skal vi dele forskningsdata? Utredning og anbefalinger om lisensiering og tilgjengeliggjøring. Norges forskningsråd. ISSN 9788212039018.
• Mahler, Tobias (2010). Legal Risk Management. Developing and Evaluating Elements of a Method for Proactive Legal Analyses, With a Particular Focus on Contracts. Det juridiske fakultet - Universitetet i Oslo. ISSN 1890-2375.

View all works in Cristin