WHY ESPRE?

When specifying a system, security and privacy need to be addressed as early as possible, yet stakeholders find doing so difficult in the face of conflicting priorities. When these concerns are addressed, we discover how intrinsically difficult specifying usable security and privacy can be towards meeting business and developmental needs, and the subsequent blurred distinction between requirements and security and privacy concepts.

The theme of this year's Evolving Security and Privacy Requirements Engineering (ESPRE) 2026 workshop continues to align with the main theme of this year’s RE conference - Sustainability and workforce transformation in the era of generative AI: How to prepare for a future in collaboration with AI tools and assistants.

The growing pervasiveness of generative AI systems is profoundly reshaping both sustainability concerns and workforce transformation, making it essential to rethink how requirements are engineered. From a security and privacy perspective, generative AI introduces new opportunities that improve elicitation, consistency, traceability, and compliance checking, unfortunately it also raises novel risks related to data protection, model misuse, accountability, and human–AI responsibility sharing.

At the same time, sustainability becomes a first-class concern, encompassing not only energy consumption and environmental impact of AI-driven solutions, but also long-term social sustainability, skills evolution and trust in AI-supported work practices. These challenges call for new paradigms on security and privacy requirements that explicitly consider human–AI collaboration and its impact on both technical systems and people.

The ESPRE workshop provides a multi-disciplinary one-day workshop, bringing together practitioners and researchers from across the world interested in evolving security and privacy requirements engineering practice.

The workshop will include an invited keynote talk, paper presentations and discussions, and a facilitated roadmap discussion session towards future Security and Privacy Requirements Engineering activities.

We look forward to seeing you in Montréal.

TOPICS

These include, but are not limited to:

  • Large language models for privacy and security requirements
  • Privacy and security requirements of large language models
  • Prompt engineering for security and privacy requirement elicitation and definition
  • Privacy-compliant design and creation of machine learning models
  • Specification of security requirements for prompt defense
  • AI for security and privacy
  • Security and privacy for AI
  • Security and privacy enforcement using blockchain technologies
  • Security and privacy drawbacks of blockchain technologies
  • Security and privacy requirements elicitation and analysis
  • Security and privacy requirements-based testing
  • Formal and informal modelling of laws, policies, and requirements
  • Requirements verification: monitoring, documenting, and auditing evidence of compliance
  • Ethics and security and privacy requirements
  • Security and privacy requirements for humans
  • Security and privacy requirements of/for behavioural-change (nudging) technologies
  • Security and privacy requirements for accessibility and inclusivity
  • Modelling of trust, reputation, and risk
  • Identification and management of all stakeholders (including attackers)
  • Modelling of domain knowledge for security and privacy requirements
  • Security and privacy requirements engineering processes
  • Positive (and especially negative) lessons learned applying security and requirements engineering in practice
  • User studies of security or privacy technology
ESPRE2026

Download the ESPRE 2026 Call for Papers

ESPRE26 will be again be held in-person. We'll add any on-going updates about the event for you here. See here for more details about the RE conference

Keynote Speaker

...will be confirmed closer to the Workshop date

Bio:

Coming Soon

Accepted Papers

Apply Now

In our workshop call, we will invite the following types of submissions:

  • Full paper: describes a well-defined research project, possibly with an (initial) evaluation. Page limits: 8 pages plus 2 pages only for references.
  • Short paper: describes a preliminary research project. Page limits: 5 pages plus 1 page only for references.
  • Abstract: this type of submission will not be part of the proceedings of ESPRE, but it will get a regular discussion slot at the workshop event. It presents very preliminary/seminal research work, for presentation of tools or non-original work. Page limits: 1 page plus 1 page for references. Abstracts should be submitted by 18 May, 2026.

Submit your papers now for review and consideration!




Important Dates

NOW

Write-up your research

Formatting instructions can be accessed here

Submission Deadline

Due by 23:59:59 AoE, Monday, 25 May 2026

Submissions to EasyChair

(8 Pages, plus 2 pages for references)

Author Notifications

From Monday, 22 June 2026

Conference Registration

For more information, see the RE26 website about how to register to attend the event

Camera-Ready Submission

Due by 23:59:59 AoE, Thursday, 02 July 2026

Submission link to be supplied

ESPRE26 Workshop

Monday, 17 August 2026

Schedule - 2026

Throughout the day, the workshop organisers will note potential research challenges that form the basis of a roadmap for evolving security and privacy requirements engineering. Following the final session, we will close the workshop with a wrap-up session, in which these challenges and a potential roadmap for addressing them will be proposed.

Workshop Room - TBC

Previous Programme Committee

If you would like to be considered towards joining the Programme Committee, do contact us for more information.

Organising Committee

Mitra Bokaei Hosseini

UT San Antonio,
USA
Portfolio Image Institutional Logo

Duncan
Ki-Aries

Bournemouth University,
UK
Portfolio Image Institutional Logo

Seok-Won
Lee

Ajou University,
South Korea
Portfolio Image Institutional Logo

Mattia
Salnitri

Università degli studi di Bergamo, Italy
Portfolio Image Institutional Logo

Previous Workshops

ESPRE is now celebrating it's 13th year. Although the ESPRE workshop has been co-located with RE since 2014, it builds on the success of earlier workshops in security requirements engineering and secure software engineering.

For example, the Security and Privacy Requirements Engineering (SPREE) Workshop in 2011, the International Workshop for Software Engineering for Secure Systems (SESS) series, and the Requirements for High Assurance Systems (RHAS) workshop series.

During 2020-2022 (the pandemic), workshop and conference sessions were mostly held online, then in 2023 we retunred to in-person sessions in Hannover, Germany, followed by Reykjavik, Iceland in 2024, then Valencia, Spain in 2025.


The twelth ESPRE workshop was held as a one-day in-person workshop during RE 2025. The workshop consisted of keynote talk by Frank Pallas, and a technical programme of presentations, followed by a closing talk towards addressing future challenges and considerations towards evolving security and privacy requirements engineering. (Website)
The eleventh ESPRE workshop was held as a one-day in-person workshop during RE 2024. The workshop consisted of keynote talk by Maya Anderson, and a technical programme of presentations, followed by a closing talk towards addressing future challenges and considerations towards evolving security and privacy requirements engineering. (Website)
The tenth ESPRE workshop was held as a one-day in-person workshop during RE 2023. The workshop consisted of keynote talk by Dr. Sepideh Ghanavati, and a technical programme of presentations, followed by a closing talk towards addressing future challenges and considerations towards evolving security and privacy requirements engineering. (Website)
The ninth ESPRE workshop was held as a one-day online workshop during RE 2022. The workshop consisted of keynote talks by Erlend Andreas Gjære and Nancy R. Mead, and technical programme of presentations, followed by a closing talk towards a roadmap for evolving security and privacy requirements engineering. (Website)
The eighth ESPRE workshop was held as a half-day online workshop during RE 2021. The workshop consisted of a keynote talk by Travis Breaux and José Francisco Ruiz, and technical programme of presentations, followed by a closing talk towards a roadmap for evolving security and privacy requirements engineering. (Website)
The seventh ESPRE workshop was held as a half-day workshop during RE 2020, and became the first online ESPRE workshop. The workshop consisted of a keynote talk by Shamal Faily, a reduced technical programme of presentations, and a closing talk and participant discussion led by Duncan Ki-Aries towards a roadmap for evolving security and privacy requirements engineering. (Website)
The sixth ESPRE workshop was held during RE 2019 in Jeju Island, South Korea. The workshop consisted of a keynote talk by Daehun Nyang, a technical programme of six paper presentations, and a closing talk and participant discussion led by Tiago Gasiba towards a roadmap for evolving security andprivacy requirements engineering. (Website)
The fifth ESPRE workshop was held during RE 2018 in Banff, Canada. The workshop consisted of a keynote talk by Yijun Yu, a technical programme of five paper presentations, a lightning talk session, and a closing talk by Lionel Briand. (Website)
The fourth ESPRE workshop was held during RE 2017 in Lisbon, Portugal. The workshop consisted of a keynote talk by Chris Williams, a technical programme of seven paper presentations, and a closing talk by Tiago Gasiba. (Website)
The third ESPRE workshop was held during RE 2016 in Beijing, China. The workshop consisted of a keynote talk by Lin Liu, a technical programme of six paper presentations, a lightening talk session, and an interactive demo session.
The second ESPRE workshop was held during RE 2015 in Ottawa, Canada. The workshop consisted of a keynote talk by Robert Biddle, a technical programme of five paper presentations, and a closing talk by Fabio Massacci. For the first time, the programme also included a lightening talk session containing a number of brief presentations from attendees on new and emerging results from our field. (Website)
The first ESPRE workshop was held during RE 2014 in Karlskrona, Sweden. The workshop consisted of a keynote talk by Angela Sasse, a technical programme of eight paper presentations, and a closing talk by Aljosa Pasic. Three selected papers of the workshop were extended for an ESPRE special issue of the International Journal of Secure Software Engineering, which was published in 2015. (Website)
Top