Cybersecurity: balancing public interest and innovation incentives

Compulsory licensing has long been associated with moments of urgent public interest. The COVID-19 pandemic brought the mechanism back into focus, not because it was widely used, but because it was widely debated. Only a handful of compulsory licenses were issued, yet governments across the globe considered the option, amended legislation, or signaled their readiness to act if voluntary solutions proved insufficient. Vaccines, antivirals, and diagnostic tools became the symbols of this debate, showing how Intellectual Property can suddenly be drawn into the center of public health emergencies.

Beyond pandemics, compulsory licensing has also been discussed in connection with environmental events and national infrastructure, where essential technologies are concentrated in the hands of a few holders. These discussions remind us that compulsory licensing remains an exceptional mechanism, designed for extraordinary circumstances, but one that can attract significant political and legal attention in times of crisis.

More recently, a new frontier is emerging in this debate: cybersecurity and national defense. As societies become increasingly dependent on digital infrastructure, the resilience of information systems is no longer just a technical issue but a matter of national security, economic stability, and even public safety. The question now is whether cybersecurity could become the next area where compulsory licensing is demanded, and what such a development would mean for the delicate balance between public interest and the protection of Intellectual Property rights.

Modern life runs on digital networks. From hospitals and financial systems to power grids, transport systems, and defense operations, the continuity of essential services depends on secure digital infrastructure. Cyberattacks have already demonstrated their potential to disrupt economies, threaten democratic institutions, and endanger lives. In this environment, cybersecurity technologies are as essential as medicines in a pandemic: without them, the resilience of entire societies—and the security of states—can be compromised.

Patents cover many of the building blocks of cybersecurity such as encryption methods, secure hardware modules, intrusion detection algorithms, amidst others. In theory, compulsory licensing could ensure access to these tools if market solutions fail during a crisis. The rationale is straightforward: if governments can contemplate overriding exclusivity to protect public health or the environment, why not also to protect against cyber threats that endanger critical infrastructure and national defense?

At the same time, extending compulsory licensing into cybersecurity raises unique challenges. The public-interest justification may be clear, but the practical implementation is far less straightforward than in other sectors. These challenges form the core of this debate.

National Defense Dimension

The defense context adds a new layer of urgency. Cybersecurity is now a central element of national defense strategies, as hybrid warfare increasingly combines traditional military force with electronic interference and cyberattacks. NATO, the EU, and several national governments have already declared that GPS jamming, interference with satellite systems, and cyber intrusions represent forms of hybrid warfare.

A recent incident illustrates this vividly: European Commission President Ursula von der Leyen’s plane was forced to land in Bulgaria after losing GPS navigation midair, reportedly due to interference attributed to Russian hybrid operations near the border. The aircraft had to rely on paper maps for navigation, exposing the vulnerability of even the highest levels of government to cyber and electronic disruptions.

This case has amplified European fears over deliberate interference with Western digital infrastructure. NATO Secretary-General Mark Rutte called the threat “increasing every day,” framing GPS jamming, undersea cable sabotage, and cyberattacks on health systems as part of the same hybrid campaign. For policymakers, this transforms cybersecurity from a sectoral issue into a matter of collective defense and sovereignty, demanding rapid and coordinated responses.

Compulsory licensing in this context could, at least in theory, be considered to guarantee access to essential defensive technologies during emergencies, whether encryption methods, intrusion detection algorithms, or post-quantum cryptography. However, as with public health, the national security angle only sharpens the inherent paradox: while access may be justified in the name of security, disclosure of sensitive know-how could weaken resilience and even empower adversaries.

The Core Dilemma

The cybersecurity context has nuances and exposes the limitations of compulsory licensing more clearly than almost any other field. Much of cybersecurity’s strength lies not in patents but in trade secrets, source code, and operational expertise that cannot easily be subjected to compulsory licensing without creating more risks than benefits.

This leads to a deeper dilemma: even if compulsory licensing were expanded to cybersecurity and defense, governments would hesitate to mandate disclosure of sensitive know-how. Releasing details of encryption, system vulnerabilities, or defense protocols could inadvertently empower malicious actors, undermining the very objective of strengthening resilience.

The urgency of this debate is heightened by the speed of technological developments and the continuous evolution of processing power.

For example, quantum computing is an emerging technology that has the potential to upend today’s digital security. Algorithms that secure most online communications could be broken once sufficiently powerful quantum machines are available. Governments and companies are already racing to deploy post-quantum cryptography.

In a scenario where quantum-resistant tools would be urgently needed but not widely available, the temptation to invoke compulsory licensing could arise. For patent holders, this underscores the importance of clear international frameworks: without them, unilateral measures could trigger disputes and weaken the incentive to invest in quantum-safe security technologies.

Even without quantum breakthroughs that may arise, advances in computing power are already eroding the durability of today’s security standards. AI accelerators, more powerful processors, and next-generation chips shorten the time needed for “brute-force” attacks. What once seemed unbreakable for decades can become vulnerable within years. This means that cybersecurity innovation cannot stand still and access to proprietary countermeasures will remain critical.

Both trends highlight a core reality: compulsory licensing frameworks, developed for slower-moving industries, may not be well suited to the fast-moving and secretive nature of cybersecurity. The fragility of the balance between public interest and IP protection will only grow sharper as technology accelerates.

Conclusion

Cybersecurity is increasingly recognized as an essential component of national security and resilience, comparable in importance to public health, the environment, or critical infrastructure. It is natural that the debate on compulsory licensing would eventually extend into this domain. But cybersecurity also reveals the mechanism’s limitations more than any other sector: patents alone cannot deliver security, which instead depends on a constantly evolving mix of patents, trade secrets, and operational expertise. At the same time, trade secrets cannot be disclosed without risk, and innovation depends on strong and predictable incentives.

The incident with von der Leyen’s plane has made clear that cybersecurity is now inseparable from defense and sovereignty. Governments will continue to face pressure to act decisively during crises, but they must ensure that measures taken do not erode the very innovation and confidentiality that underpin long-term security.

As emerging technologies such as quantum computing, semiconductors and faster processors reshape the technological landscape, a tension between public interest and private rights may intensify. Governments will face pressure to act quickly in crises, but they must do so without undermining the very innovation that provides long-term security.

The challenge, therefore, is to strike a balance. Compulsory licensing may have a role to play as an extraordinary measure, but it cannot substitute investment, R&D and the current innovation infrastructure. Patent holders are an indispensable partner in building secure, resilient digital societies and policymakers can recognize this partnership and ensure that security is strengthened without eroding the foundations of innovation.

‍