Embedded Files
Dr. Oğuz Kaan Pehlivan
PhD in International Law | Chevening Scholar | Research Affiliate, University of Oslo
International law scholar and policy advisor specialising in cybersecurity governance, digital regulation (NIS2, EU AI Act, GDPR/KVKK), and investment law — with over a decade of experience bridging legislative practice, corporate counsel, and academic research.
Key areas: NIS2 Directive · EU AI Act · GDPR / KVKK · Investment Law · Cyberespionage · Digital Assets · Legislative Advisory · International Law
Context & Strategic Challenge
Context & Strategic Challenge
The regulatory landscape governing digital infrastructure, artificial intelligence, and cross-border investment has undergone a fundamental shift. The EU AI Act (2024) introduced the first comprehensive risk-based framework for AI systems, while the NIS2 Directive (2022/2555) dramatically expanded cybersecurity obligations across critical sectors. Simultaneously, GDPR enforcement has matured, new asset classes have disrupted investment law norms, and geopolitical friction has increased the stakes of legislative design. Governments, corporations, and international bodies urgently need advisors who can navigate this complex, overlapping regulatory environment with both technical precision and policy depth.
Regulatory Competence
Regulatory Competence
NIS2 Directive (EU)
NIS2 Directive (EU)
Cybersecurity obligations for essential and important entities; incident reporting, supply chain security, and supervisory compliance across 18 critical sectors.
EU AI Act (EU)
EU AI Act (EU)
Risk classification, prohibited practices, high-risk system requirements, conformity assessments, and fundamental rights impact evaluations.
GDPR & KVKK (EU / TR)
GDPR & KVKK (EU / TR)
Data protection compliance architecture, cross-border data transfers, DPO advisory, and enforcement risk mitigation for multinational operations.
Investment Law — BITs & FPS (International)
Investment Law — BITs & FPS (International)
Bilateral investment treaties, Full Protection & Security standard, digital asset protection, and investor-state dispute settlement frameworks.
Cyber Operations & IHL (International)
Cyber Operations & IHL (International)
State-sponsored cyberespionage, attribution, measures short of armed conflict, and submarine cable geopolitics under international law.
Cyber Resilience Act & Digital Markets (EU)
Cyber Resilience Act & Digital Markets (EU)
CRA obligations, digital market governance, and interoperability requirements for digital products and connected services.
Professional Track Record
Professional Track Record
Legislative & Policy Advisory — Grand National Assembly of Türkiye
Legislative & Policy Advisory — Grand National Assembly of Türkiye
• Drafted 150+ legislative initiatives including NIS-aligned cybersecurity proposals, constitutional questions, and investigative commissions
• Provided expert analysis on EU regulatory harmonisation and international law obligations, including alignment of Turkish cybersecurity law with NIS2-equivalent standards
• Facilitated cross-party stakeholder engagement on digital governance reforms affecting technology, data protection, and investment sectors
Corporate Legal Counsel — DLA Piper LLP, İstanbul
Corporate Legal Counsel — DLA Piper LLP, İstanbul
• Advised Nike, Netflix, and Huawei on GDPR compliance, cybersecurity policies, and digital rights management
• Designed NIS-equivalent security frameworks for technology-sector clients ahead of regulatory cycles — directly applicable to current NIS2 compliance mandates
• Drafted AI governance policies for startups navigating EU AI Act compliance obligations, including risk classification and conformity documentation
Policy Research — USAK, International Strategic Research Organization
Policy Research — USAK, International Strategic Research Organization
• Published peer-reviewed research on cyber defence, state responsibility, and international investment protection
• Presented at NATO forums and international botnet alliances on legal dimensions of cyber operations and hybrid threats
• Developed policy briefs directly influencing national cybersecurity legislative design; findings cited in parliamentary proceedings
Academic Contributions — Ankara University · Routledge · University of Oslo
Academic Contributions — Ankara University · Routledge · University of Oslo
• Confronting Cyberespionage under International Law (Routledge, 2018) — foundational monograph on state responsibility, attribution, and countermeasures
• PhD monograph on Full Protection & Security standard: Ottoman/Seljuk legal genealogy through digital asset protection under modern BIT regimes
• Ongoing research on AI-assisted cyber operations, hybrid infrastructure threats, and TWAIL critiques of technology governance asymmetry
Key Achievements
Key Achievements
150+ legislative initiatives drafted
117 bilateral investment treaties systematically coded and analysed
65,000+ academic profile visits across 55+ countries
2 international best paper awards (Atlantic Council; TÜBİTAK)
• Atlantic Council Best Decision Paper Award — recognised for excellence in cyber policy analysis
• TÜBİTAK Best Working Paper on Cyberwarfare — acknowledged for original contribution to legal-technical research
• Chevening Scholar, Queen Mary University of London — UK Government flagship leadership award
• PhD Summa Cum Laude, Ankara University — highest distinction in faculty history for the dissertation
Interdisciplinary Approach
Interdisciplinary Approach
Effective legal and policy work in the digital age demands fluency across disciplines. Regulatory frameworks such as the EU AI Act and NIS2 do not operate in isolation — they interact with investment treaties, human rights obligations, and geopolitical realities in ways that require advisors who think simultaneously in legal, technical, and strategic registers.
Dr. Pehlivan's career demonstrates that the most durable solutions emerge when legislative design, corporate compliance, and academic rigour are treated as mutually reinforcing rather than separate endeavours.
Strategic Priorities & Future Work
Strategic Priorities & Future Work
• AI governance compliance under the EU AI Act, with particular attention to high-risk categories in public sector, critical infrastructure, and defence contexts
• NIS2 implementation advisory — gap assessments, incident response frameworks, and supply chain due diligence for essential and important entities
• International legal norms for AI-assisted cyber operations and their implications for state responsibility, attribution, and the laws of armed conflict
• Regulatory frameworks for blockchain, cryptocurrency, and tokenised assets within international investment law and the EU MiCA regime
• Submarine cable protection, digital sovereignty, and critical infrastructure resilience at the intersection of geopolitics and international law
• Digital human rights frameworks engaging with TWAIL critiques of technology governance asymmetry between Global North and South
Page updated
Google Sites
Report abuse