Publications

This page lists my publications.

• Essays and opinion pieces
• Reports
• Artificial Intelligence
• Privacy and anti-surveillance
• Academic publications
• Other publications

You can find my earlier writings on the blog of TU Delft.

Essays and opinion pieces

• Communications of the ACM, Privacy Washing through PETs: the Case of Worldcoin, 28 March 2025. [Archive]

• Tech Policy Press, Will Ireland be Big Tech’s Lapdog Yet Again?, 26 March 2025. [Archive]

• Tech Policy Press, EU’s AI Act: Tread the Guidelines Lightly, 21 February 2025. [Archive]

• Euractiv, A false start is not an option for the EU AI Office, 10 July 2024. [Archive]

• Tech Policy Press, Hope: The AI Act’s Approach to Address the Environmental Impact of AI, 21 May 2024. With Zuzanna Warso. [Archive]

• Mediapart, IA : l’autorégulation des modèles de fondation mettrait en danger les droits humains, 4 December 2023. With Xavier Brandao. [Archive]

• Euronews, Regression to self-regulation means the EU AI Act will fail to plug the harms, 22 November 2023. [Archive]

• Euronews, Not regulating AI should be out of the question, 15 November 2023. [Archive]

• Euractiv, Will the AI Act clip the wings of regulators?, 19 October 2023. [Archive]

• Nikkei Asia, Japan should seize chance to get generative AI rules right, 19 June 2023. [Archive]

• Euronews, What can the EU learn from China’s generative AI regulation before it adopts its AI Act?, 23 May 2023. [Archive]

• Bulletin of the Atomic Scientists, How to deal with an AI near-miss: Look to the skies, 9 May 2023. [Archive] [Journal version]

• Euractiv, Prevent, rather than only report, serious AI incidents, 7 July 2022. [Archive]

  • German translation, 8 July 2022.

• Euractiv, The EU AI law will not be future-proof unless it regulates general purpose AI systems, 30 May 2022. With Risto Uuk. [Archive]

  • German translation, 30 May 2022.
  • Greek translation on Euractiv, 31 May 2022.
  • Simplified Chinese translation, 31 May 2022.
  • Danish translation on DataTech, 21 June 2022.

Reports

• Bias evaluation. 23 January 2025 (Written in March 2024). Available at EDPB and BfDI

• Effective implementation of data subjects’ rights. 23 January 2025 (Written in March 2024). Available at EDPB and BfDI

• How to deal with an AI near-miss: Look to the skies. Bulletin of the Atomic Scientists, Volume 79, 2023 - Issue 3: Special issue: Early warnings and near misses: Lessons we still haven’t learned. Available at Taylor & Francis. [Archive]

• The role of the trust category for the development of new data protection approaches. With Markus Uhlmann and Michael Weiler. Amsterdam Privacy Conference, October 2018. Available at ResearchGate.

Artificial Intelligence

• AI system definition guidelines fail to provide clarity, 7 February 2025. Available at ICCL.

• Submission on the Prohibitions under the EU AI Act, 9 December 2024. Available at ICCL.

• Submission to the European Commission on the establishment of the Scientific Panel under the EU AI Act, 8 November 2024. Available at ICCL.

• The hazard of industry influence on the independent scientific panel, 24 September 2024. Available at ICCL. [PDF]

• Submission to the Irish Government on AI Act Implementation, 16 July 2024. Available at ICCL. [PDF]

• The UK Competition Authority Should Investigate the AI Partnerships now, 13 May 2024. Available at ICCL. [PDF]

• Submission to European Commission on dual-use R&D funding, 30 April 2024. Available at ICCL. [PDF]

• ICCL Enforce Urges European Commission to Address Concentration in AI, 11 March 2024. Available at ICCL.

• Submission to European Commission on Microsoft-OpenAI “partnership” merger inquiry, 30 January 2024. Available at ICCL. [PDF] [Financial Times] [Politico-1] [Politico-2]

• Submission on Microsoft-OpenAI “partnership” merger inquiry, 9 January 2024. Available at ICCL. [PDF] [Politico] [Euractiv] [TechCrunch] [Financial Times]

• Product Liability Directive: A lost opportunity for the EU, 14 December 2023. Available at ICCL.

• ICCL submission on G7 generative AI consultation, 25 October 2023. Available at ICCL.

• ICCL recommendations in European Commission’s AI standardisation request, 12 June 2023. Available at ICCL.

• ICCL recommendations in important European Parliament text on the AI Act, 10 May 2023. Available at ICCL.

• EUs AI Liability regime should apply strict liability, 28 November 2022. Available at ICCL. [PDF]

• New liability rules on product and AI are encouraging but need improvement, 4 October 2022. Available at ICCL.

• European Parliament embraces ICCL recommendations on the Artificial Intelligence Act, 5 May 2022. Available at ICCL.

• Technical errors in the AI Act, 8 March 2022. Available at ICCL. [PDF] [Politico]

• Flaws in ex-post enforcement in the AI Act, 15 February 2022. With Johnny Ryan. Available at ICCL. [PDF] [Politico]

  • Update on 1 April 2022: Three column document with amendments to strengthen the enforcement powers of market surveillance authorities and to monitors providers. [PDF]
  • Update on 29 April 2022: Many of these amendments have been included in the IMCO-LIBE joint report from the European Parliament. See especially Amendments 172, 219, 258-270.

• Submission to the consultation on adapting the liability rules to the digital age and artificial intelligence, 7 January 2022. Available at ICCL. [PDF]

• A serious loophole in Europe’s draft AI Regulation?, 27 October 2021. With Johnny Ryan. Available at ICCL. [PDF]

  • Update on 11 November 2021: Two column document with amendments to fix the AI Regulation’s scope errors. [PDF]
  • Update on 15 February 2022: Three column document that describes how Council’s partial compromise text does not address the scope errors to protect rights. [PDF]

Privacy and anti-surveillance

• ICCL recommendations in European Parliament text on the Health Data Space, 29 November 2023. Available at ICCL.

• Ombudsman: European Commission’s concealment of secret ‘expert list’ on CSAM regulation constitutes ‘maladministration’, 6 November 2023. Available at ICCL. [Euractiv] [Politico] [Silicon Republic] [Netzpolitik.org] [The Register] [Techdirt]

• Problems with the secondary use of health data in the European Health Data Space, 22 March 2023. With Johnny Ryan. Available at ICCL. [PDF]

• ICCL calls for immediate removal of Hikvision cameras from Oireachtas, 12 February 2023. Available at ICCL. [PDF] [The Sunday Times] [Irish Independent] [Irish Examiner] [Business Post] [The Irish News] [Raidió Teilifís Éireann (RTÉ)] [The Journal (Irish)] [The Irish Sun] [The Independent (British)] [Silicon Republic] [Politico]

  • Update on 13 February 2023:

    • Opposition leaders back ICCLs call to remove Hikvision CCTV cameras. [The Irish Times] [Business Post]
    • Office of Public Works, responsible for procurement of CCTVs at the Oireachtas, commits to review best practice. [Raidió Teilifís Éireann (RTÉ)] [Irish Examiner]

  • Update on 15 February 2023:

    • ICCL writes to the Office of Public Works and Oireachtas seeking details of CCTV review. Available at ICCL. [PDF] [The Irish Times]
    • National Cyber Security Centre of Ireland says it is drafting IT infrastructure procurement guidelines amid CCTV concerns. [The Journal (Irish)]

• Does the European Parliament use Facial Recognition Technology?, 16 January 2023. Available at ICCL. [PDF] [Politico] [Euractiv] [Dziennik Gazeta Prawna]

  • Update on 8 February 2023: 38 Ministers of European Parliament wrote to the President of European Parliament citing concerns raised in ICCL letter. [PDF] [Politico]

Academic Publications

Manuscripts

• Kris Shrishak. Practical Secure Computation for Internet Infrastructure, April 2021. Ph.D. thesis. [Cite] [PDF]

• Kris Shrishak. Incorporating Leveled Homomorphic Encryption-based Private Information Retrieval in Federated eID Schemes to Enhance User Privacy, May 2016. M.Sc. Thesis. [PDF]

Peer-reviewed publications

Author names are listed alphabetically in most of my publications (exceptions: 1-2).

1. Kris Shrishak, Haya Shulman. Negotiating PQC for DNSSEC. DSN, June 2021. [Cite]
2. Kris Shrishak, Haya Shulman. Privacy Preserving and Resilient RPKI. INFOCOM, May 2021. [Cite] [ePrint] [arXiv]
3. Anders Dalskov, Marcel Keller, Claudio Orlandi, Kris Shrishak, Haya Shulman. Securing DNSSEC Keys via Threshold ECDSA From Generic MPC. ESORICS, September 2020. [Cite] [ePrint] [Youtube]
4. Kris Shrishak, Haya Shulman. Limiting the Power of RPKI Authorities. ANRW, July 2020. [Cite] [Youtube] [APNIC Blog] [RIPE Labs] [Rule11 Tech]
5. Markus Brandt, Claudio Orlandi, Kris Shrishak, Haya Shulman. Optimal Transport Layer for Secure Computation. SECRYPT, July 2020. [Cite] [ePrint]
6. Kris Shrishak, Haya Shulman. MPC for Securing Internet Infrastructure. DSN, July 2020. [Cite] [Youtube]
7. Michael Kreutzer, Ruben Niederhagen, Kris Shrishak, Hervais Simo Fhom. Quotable Signatures using Merkle Trees. GI-Jahrestagung 2019, September 2019. [Cite]
8. Kris Shrishak, Haya Shulman, Michael Waidner. Removing the Bottleneck for Practical 2PC. ACM CCS, October 2018. [Cite]
9. Kris Shrishak, Zekeriya Erkin, Remco Schaar. Enhancing User Privacy in Federated eID Schemes NTMS, November 2016. [Cite]
10. Kris Shrishak, Zekeriya Erkin, Remco Schaar. Enhancing privacy of users in eID schemes. 37th WIC Symposium on Information Theory in the Benelux, May 2016. [PDF]

Other publications

• Sustainable Internet governance (contributor) in Recommendations for a sustainable digital future; Youth4DigitalSustainability, November 2020. Available at German Informatics Society.

• Kris Shrishak. Limiting the Power of RPKI Authorities, 27 August 2020. Available at APNIC Blog and RIPE Labs.

• Kris Shrishak. How ‘human chipping’ influences who we are and who we think we are, Lesezeichen “Technik”, August 2020. Available at Asta Darmstadt.

• Kris Shrishak. (Almost) Predictable beings in a Techno-social World, Lesezeichen “Technik”, August 2020. Available at Asta Darmstadt.

• Data protection and children’s safety (contributor) in YOUthDIG 2020 messages, May 2020. Available at EuroDIG.