Cyber Law as a Future Skill: UZH Launches New Module on Digital Law, Data Protection, and AI Regulation

Leyla Ciragan

Law is the infrastructure of the digital society. Without it, data protection, digital fairness, or AI ethics would remain little more than good intentions. With the new module “Cyber Law – Data protection, AI, and Cybersecurity”, the University of Zurich will, starting in fall semester 2025, offer a forward-looking course dedicated to the complex field of digital law – interdisciplinary, practice-oriented, and open to Master’s and doctoral students from all disciplines.
The module was initiated by CYRENZH  Lead Education Dr. Leyla Ciragan. Its academic concept and teaching are designed and conducted by Dr. Lukas Staffler, LL.M., a recognized expert in data law, AI, and cybersecurity regulation in Switzerland and Europe.

Law as an Enabling Framework

Digital technologies are often developed faster than they are legally assessed. Many companies and research teams ask themselves: What is legally permitted? How may we use data? Who is liable for AI misconduct? What security requirements apply to critical infrastructures? What is ethically acceptable? And not least: What should we do when the law itself is unclear or incomplete?

Digital transformation changes not only technologies but also the rules. Unfortunately, the legal perspective is often perceived as burdensome or obstructive and is usually considered only when things go wrong.

The module “Cyber Law – Data protection, AI, and Cybersecurity” deliberately starts earlier. It demonstrates that law does not merely impose boundaries but also creates space: for innovation, for trust, for strategic design. Those who understand the legal framework can not only avoid risks but also identify opportunities and use them responsibly. The module provides orientation in a highly dynamic legal and societal field. It is not just about legal clauses, but about questions such as:

  • How can I, as a researcher, work with sensitive data without violating the law?
  • What does the European AI Act mean for Swiss companies?
  • How can cybersecurity and data protection requirements be reconciled with innovation?

Law is taught here not for its own sake, but as essential knowledge for complex decision-making:

  • How do I gain legal clarity in a dynamic environment?
  • How do I communicate legal uncertainty constructively within a team?
  • How do I use legal know-how as a project resource?

This shift – from mere risk avoidance to active enablement – is a central didactic and conceptual goal of the module.

Taking Responsibility – Beyond One’s Own Discipline

Digital technologies raise questions that no single discipline can answer alone. That is why we need people willing to take responsibility across disciplinary boundaries – for decisions, for communication, for ethical orientation. This is precisely the skill set strengthened in the module “Cyber Law – Data protection, AI, and Cybersecurity” .

Participants are confronted with uncertainty, ambivalence, and conflicting goals – and in turn, learn to argue not only from within their own discipline but also to understand and integrate other perspectives. IT specialists, for example, gain insights into legal reasoning, while law students learn how technical feasibility and normative questions interact.

Thus, a learning environment emerges that not only imparts knowledge but also strengthens the ability to assume societal responsibility in digital contexts. In the end, it is not only about compliance but about shaping competence.

Law becomes a shared reference point in interdisciplinary communication: a language of boundaries, but also an instrument of trust, reliability, and shared responsibility.

“Legal Literates”: Legal Thinking as a Competitive Advantage

This module is for anyone seeking to take responsibility in the future – in tech startups, research projects, public administration, or NGOs. It fosters skills highly sought after in the job market:

  • Regulatory thinking: What applies where, and why? (Understanding compliance, data protection, AI, and IT security requirements)
  • Strategic judgment: What legal options exist? (Assessing risks, decision-making, and legal courses of action)
  • Translation skills: How do I explain legal requirements to a team? (Translating legal concepts for teams, project leads, or external partners)

Participants learn to think beyond their disciplinary boundaries, identify problems, make them comprehensible to others – and develop viable solutions. They become “Legal Literates”: people who not only apply the law but use it strategically, asking the right questions at critical moments. They position themselves not only as subject experts but also as bridges between technology, law, and organization – a profile in high demand across many fields, from project management and IT consulting to research, teaching, and strategic corporate development.

Especially in transition phases – entering the workforce, joining interdisciplinary teams, or building a startup – this legal orientation knowledge provides a reliable anchor.

Participants acquire not only theoretical knowledge but also practical patterns of reasoning and communication relevant for digital everyday life – whether in project discussions, internal training sessions, or in exchanges with external stakeholders. Anyone seeking to build bridges between technology, law, and organization, and to assume (societal) responsibility, will find the right tools in this module.

CYRENZH  as a Driver of Legal Resilience

This course is another flagship project of the Cyber Resilience Network Zurich (CYRENZH ). CYRENZH ’s goal is to strengthen digital resilience holistically – technically, socially, legally, and educationally.

With “Cyber Law – Data protection, AI, and Cybersecurity” CYRENZH  addresses a particularly critical dimension of resilience: understanding and applying digital legal norms in a world that changes faster than legislation can keep up.

“Many fear the uncertainties in the law more than actual violations,” says Dr. Lukas Staffler, who designed the module both didactically and conceptually. “We want to show students that law does not only restrict but also enables – if you understand and use it wisely.”

Staffler’s teaching combines hands-on application with strategic depth. Alongside his legal practice, the specialist in European criminal, data, and cybersecurity law teaches at several universities across the DACH region – including the University of Zurich and the Management Center Innsbruck – and contributes to interdisciplinary research projects on digital resilience. As a certified compliance officer, he advises companies on the legal challenges of digital transformation – from AI systems to data protection to international cybercrime issues. With the Cyber Law module, his aim is not just to convey legal competence, but to make it usable – for innovation, responsibility, and strategic thinking, across disciplines and career paths.

Added Value Through Guest Speakers: Practice Meets Diversity of Perspectives

A particular highlight of the module is the inclusion of short guest inputs from experts in Lukas Staffler’s professional network. In concise 10–20 minute contributions, practitioners from law, tech, compliance, medicine, or administration provide insights into real-world challenges and decision-making situations. Planned topics include:

  • Project management
  • Legal consultancy
  • Startups

These short interventions open doors to professional practice, make expertise tangible, and expand the thematic scope far beyond purely legal issues.

At the same time, they offer strong didactic value: serving as impulses for case solutions, group reflections, or methodological comparisons. Students thus benefit not only from content but also from learning how to engage critically, respectfully, and application-oriented with experts – a key skill in complex, digitally shaped professional environments.

The Module

“Cyber Law – Data protection, AI, and Cybersecurity” will launch in fall semester 2025. Enrollment is via the University of Zurich’s course catalog.

The module is designed as a blended-learning course, combining theory with application. It consists of three in-person phases, interspersed with asynchronous self-study units.

Introduction (on-site)

  • Role of law & ethics in the digital society
  • How laws are created and interpreted
  • Overview of relevant legal fields

Topic Block 1: Cybersecurity Law

  • Key concepts & stakeholders
  • Ransomware, prevention strategies
  • Overview of Swiss, EU, and international regulation
  • Soft law, ISO/NIST/ENISA standards
  • Group task: certification comparison & case application

Topic Block 2: AI Law & AI Act

  • Overview of EU regulation (AI Act)
  • Application to the Swiss context
  • Risk classification & workshop: how to regulate a chatbot
  • Compliance management & tools
  • Group task: analysis of compliance systems

Practice Project: Designing Legal Trainings

  • Developing legal training modules for startup management
  • Topics: cybersecurity (prevention & response), AI in HR & education
  • Final presentations with peer feedback

Target Group and Learning Outcomes

The module is aimed at Master’s and doctoral students from all disciplines. Particularly relevant fields include law, economics, computer science, sociology, medicine, and education.

By the end of the course, participants will be able to:

  • Understand legal contexts: Overview of Swiss and EU laws on data, AI, and IT security
  • Assess risks: How “risky” is a cloud solution, really?
  • Communicate across disciplines: What does the AI Act mean for my organization – from IT, legal, ethics, and PR perspectives?
  • Advise organizations and research teams: Acting as the first legal contact point within a team
  • Convey law in understandable ways: Designing trainings and workshops

Didactics: Blended Learning with Application Focus

The module deliberately avoids classical lecture-style teaching and instead offers diverse formats that impart not only knowledge but also transferable key competencies:

  • Strategic thinking
  • Presentation and training skills
  • Risk-based decision-making
  • Empathic thinking in the tension between law, technology & society

A key focus is the development of so-called legal literacy: understanding, contextualizing, applying – and conveying legal issues. This also includes role-based perspective-taking, e.g., as an IT security officer or a CEO after a data breach.

The module’s aim is to make law accessible, interactive, and engaging. No prior legal knowledge is required – what matters is the willingness to embrace new perspectives.

The teaching culture is open, participatory, and reflective: questions are welcome, opinions are valued, and different disciplinary logics are not in competition but complement each other. Participants actively bring in their own perspectives and experiences – from medicine, IT, sociology, law, and more. This creates a learning environment that fosters intellectual curiosity while leaving room for uncertainty.

When dealing with digital legal issues, there is rarely one “right” answer – instead, multiple perspectives are reflected upon, debated, and further developed. This interactive, reflective approach fosters not only legal understanding but also the interdisciplinary collaboration skills increasingly demanded in modern professional fields.

Learning happens not only through instructors’ input but also through exchange among peers – in the best sense of a collective, practice-oriented learning process. For instance, one group project requires students to design a 30-minute training session for a startup’s management team. Options include:

  • How to legally identify a security incident
  • What to do if customer data is stolen
  • How to deploy AI in recruitment in a legally compliant way

The task is to design a training that explains and “translates” relevant laws so they become practically applicable for decision-makers.

Conclusion: Digital Law as a Key Future Skill

“Cyber Law – Data protection, AI, and Cybersecurity” meets the spirit of the times – both in content and methodology. It is:

  • Providing orientation: In a confusing digital legal landscape
  • Empowering: Law as a tool rather than a threat
  • Interdisciplinary: Accessible to non-lawyers
  • Transferable: Content applicable in further training, research, and industry

Anyone working in a digitalized world needs more than just technical expertise – they need legal orientation, risk competence, and communication skills. This new Cyber Law module offers precisely that, to all who want to help shape the digital society.

It is explicitly aimed not only at law students but at anyone wishing to critically and responsibly engage with digital technologies. Its strength lies in the fact that engineers, sociologists, medical professionals, educators, designers, and lawyers will learn, think, and take responsibility together.

Whether in research, product development, or public administration – anyone seeking to work confidently with digital technologies must understand their legal dimensions. This module provides the necessary toolkit – solid, practice-oriented, and future-focused.

What unites participants: the need for orientation, the commitment to ethical practice – and the courage to act informedly in complex times rather than merely reacting.

CYRENZH  sees this module as the starting point for a new generation of decision-makers who not only understand technology but can also place it in legal and societal contexts. Attending this module will not make you a fully trained lawyer – but perhaps the very person who, in critical moments, asks the right questions, identifies risks, and brings legal clarity to complex projects.

Learn more & get involved

Would you like preliminary information or are you interested in collaborating? Contact us!

👤 Course director: Dr. Lukas Staffler | CYRENZH  Lead Education: Dr. Leyla Ciragan
🏛 Offered at: University of Zurich | School for Transdisciplinary Studies