Independent research & analysis, published with care and purpose with the belief that better ideas can help shape stronger systems.
Shaping Policy Through Expert Engagement
A record of research-based contributions to policy, regulation, and digital governance across sectors and jurisdictions.
As part of my work at the intersection of regulatory design, operational resilience, and financial governance, I contribute to public consultations led by authorities in the UK, the European Union, the United States, and other international bodies. These submissions reflect an independent, systems-oriented approach to strengthening regulatory frameworks in the face of digital transformation.
Each contribution applies field-informed research to real regulatory challenges, with a focus on proportionality, cross-border coherence, and the evolving architecture of digital and institutional risk.
I specialize in the governance of AI, cybersecurity, and digital infrastructure, with a focus on regulatory resilience, institutional trust, and public-sector innovation across global jurisdictions.
​
Peer Reviewer & Editorial Candidate – Available for peer review and editorial board opportunities in journals aligned with AI governance, research policy, institutional resilience, public-sector innovation, and cybersecurity regulation.
​
Recent peer-reviewer for: Transforming Government: People, Process and Policy (Emerald Publishing)
Impact Factor 2.6/ Cite Score 5.4​
Connect
Andra
Core Areas of Expertise
​
-
AI Governance and Regulation
-
Cybersecurity Policy and Operational Resilience
-
Cyberlaw and Digital Regulation
Legal frameworks governing cyberspace, AI systems, data infrastructure, and institutional digital rights, including compliance, enforcement, and international alignment.
-
Systemic Risk in Digital Infrastructure
-
Cyberspace Governance and Strategic Regulation
-
Public-Sector Technology Oversight
-
Algorithmic Accountability and Trustworthy AI
-
Institutional Legitimacy and Governance Design
Emerging Areas of Focus
​
-
AI Risk Classification and Policy Frameworks
-
AI Impact Assessment and Compliance Audits
-
AI Transparency and Explainability in Regulation
-
AI and Democratic Resilience
-
Cross-Border Governance of AI and Data Infrastructures
-
AI Oversight in Public Procurement and Infrastructure
-
Long-Term Governance of Frontier Models
-
AI Ethics in Crisis Management and National Security
Research & Evaluation Themes
-
Research Evaluation and Innovation Policy
-
Regulatory Governance of Emerging Technologies
-
Comparative Policy Analysis (EU, UK, US)
-
Adaptive Governance and Risk Foresight
-
Ethics and Oversight in Technology Policy
Applied and Cross-Sector Topics
​
-
AI in Financial and Public Systems
-
Deepfake and Misinformation Governance
-
Digital Sovereignty and Strategic Autonomy
-
Policy Design for Responsible AI Deployment
-
Crisis Resilience and Regulatory Alignment
-
Public Trust and Democratic Oversight in AI
Forthcoming Publications
• Alcalá, A. T. (Forthcoming, 2026). The Resilient Algorithm.
• Cojocaru, A. (Forthcoming, 2026). Adaptive and Ethical AI Governance in Data Sharing and Financial Systems.
• Cojocaru, A. (Forthcoming, 2026). Regulatory Resilience in the Age of Deepfakes: Governing AI-Driven Misinformation.
Recent Publications:
Cojocaru, A. (2025). Aligning regulation and governance for cyber resilience:
A theoretical framework for the UK financial sector. Computers & Security. https://doi.org/10.1016/j.cose.2025.104627
Impact Factor 5.4 Cite Score 13.3
Cojocaru, A. (2025)
Aligning regulation and governance for cyber resilience:
A theoretical framework for the UK financial sector. Computers & Security. https://doi.org/10.1016/j.cose.2025.104627
Special issue
Security and Regulation: Cybersecurity, Privacy, and Trust- Protecting information and ensuring responsible technology use
Response to the PRA CP12/25 – Pillar 2A Capital Review (Phase 1)
Submitted to: Prudential Regulation Authority (Bank of England)
Focus: Proposed revisions to Pillar 2A capital methodologies, aimed at enhancing proportionality, transparency, and alignment with actual risk exposures.
My contribution: Emphasised the need for consistent supervisory interpretation, integration of third-party and systemic technology risks in future phases, and alignment with the Basel 3.1 implementation roadmap.
Response to HM Treasury – Alternative Investment Fund Managers Regulations Consultation
Submitted to: HM Treasury
Focus: Reform of the UK’s AIFM regulatory framework to streamline oversight, reduce duplication, and tailor post-Brexit fund regulation to domestic market needs.
My contribution: Provided feedback on proportionality in regulatory design, resilience considerations for venture capital and property funds, and the importance of risk-based agility in supervisory approaches.
NIST IR 7621r2 – Small Business Information Security Response
Formal submission to the U.S. National Institute of Standards and Technology (NIST) on the Initial Public Draft of IR 7621 Revision 2: Small Business Information Security.
This document contains structured feedback focused on improving regulatory clarity, proportionality, vendor risk governance, feedback mechanisms, and international relevance within cybersecurity guidance for small businesses.
Download the full submission (Excel)
Summary of the submission (PDF)
Response to the FCA CP25/13 – Improving Complaints Reporting
Submitted to: Financial Conduct Authority
Focus: Proposal to simplify and strengthen the complaints data collection framework to support more effective supervision and firm accountability.
My contribution: Recommended aligning the reforms with operational resilience principles, enhancing complaints data for system-wide monitoring, and encouraging inter-agency coordination to identify technology-related risks and emerging consumer vulnerabilities.
Submitted via EU Have Your Say:
Initiative 14578
EU Cybersecurity Act - Policy Brief June 2025
Submitted to the European Commission’s consultation on the revision of the EU Cybersecurity Act, this policy brief offers strategic proposals to strengthen regulatory alignment, improve certification uptake, and reinforce systemic cyber resilience.
It calls for an expanded role for ENISA, better integration with NIS2, DORA, and GDPR, and practical tools like interoperability layers and SME-friendly pathways.
Read the brief: 🔗 Zenodo – DOI: https://doi.org/10.5281/zenodo.15599510
