The paper addresses the over-reliance on GDPR in digital privacy research by systematically normalizing heterogeneous global data protection laws into a unified, data-lifecycle-aligned abstraction.

The paper proposes Sovereign 2.0, a control-plane-centric model redefining cloud sovereignty as enforceable governance authority and operational control, rather than mere data location.

This paper analyzes location-data provenance risks across multiple European sectors, proposing a risk taxonomy and architectural design for a next-generation digital trust infrastructure that treats l…

This paper provides a systematic regulatory mapping and compliance architecture for AI agents operating under the complex web of EU laws, concluding that high-risk agents with untraceable behavioral d…

The paper introduces APLiance, a novel ABAC framework that models privacy policies as access requests and checks their compliance against legal requirements by mapping law sections to ABAC rules.

The paper proves that standard account-based ledgers cannot non-custodially enforce asset disposition, and introduces a novel commitment-based ledger structure, the 'envelope,' that achieves this capa…

This paper reviews recent EU AI regulatory documents to clarify definitions and synthesize current provisions regarding security, privacy, and autonomous agentic AI.

The paper develops a unified, cross-layer security framework for autonomous LLM agents operating in agentic commerce, identifying key attack vectors and proposing a layered defense architecture.

The paper addresses the 'agent attribution' problem—the inability to trace harmful or misbehaving AI agents back to their deploying account—by proposing a robust, canary-based protocol for vendors to…

The paper proposes replacing individual agent autonomy with a structured 'social contract' and institutional Separation of Power (SoP) to mitigate systemic failures and deceptive behavior in multi-age…

The paper demonstrates that current transfer-based AML systems fail in complex DeFi environments because economic value migration can be structurally decoupled from explicit token transfers.

The paper proposes Federated Computing as Code (FCaC), a declarative architecture that enforces sovereignty-critical constraints in federated systems by compiling authority into cryptographically veri…

The paper proposes bPk#, a distributed architecture for pseudonyms that enhances privacy and availability in national eID systems by delegating pseudonym computation rights to users and service provid…

The paper proposes a portable authorization standard for autonomous agents, addressing the structural gaps in existing identity models when agents operate across organizational boundaries.

This paper introduces the Machine Identity Governance Taxonomy (MIGT), a comprehensive framework designed to govern the rapidly expanding and currently ungoverned machine identities used by AI systems…

The paper argues that post-hoc mitigation techniques like machine unlearning are insufficient to cure legal liability arising from the unlawful acquisition and training on copyrighted data, advocating…

The paper evaluates web tracking across ten countries, finding that opt-in jurisdictions (like the EU) generally enforce stronger privacy protections, significantly reducing tracker connections compar…

This scoping review analyzes the 'Cybercrime as a Service' (CaaS) model, concluding that its commercialization lowers the barrier to entry for cybercrime, increases attack sophistication, and poses si…

The paper argues that the Authorization-Execution Gap (AEG)—the divergence between intended authorization and actual execution—is a critical safety and security flaw in open-world agents, requiring so…

The paper introduces GAAP, an execution environment that deterministically guarantees the confidentiality of private user data by enforcing user-defined permission specifications on AI agents, even ag…