EU Council and EU Parliament enhance cybersecurity for digital products with the Cyber Resilience Act, ensuring connected devices are secure before entering the market.
The European Union has taken a major step forward in enhancing cybersecurity for digital products with the adoption of the Cyber Resilience Act by the EU Council and EU Parliament. This new law sets cybersecurity requirements for products with digital components, aiming to ensure that connected devices, from home security cameras to smart refrigerators and toys, are secure from cyber threats before entering the market. The act reflects the EU’s commitment to building a resilient cyber infrastructure and ensuring the safety of connected products for consumers and businesses alike. Through its emphasis on comprehensive security measures, the Cyber Resilience Act stands to strengthen the EU’s cyber defense, setting a global precedent for cybersecurity.
The Cyber Resilience Act standardizes cybersecurity across the EU, emphasizing security for products with digital elements throughout their lifecycle and supply chain.
The Cyber Resilience Act fills existing gaps in the cybersecurity legislative framework, harmonizing cybersecurity standards across EU member states. This legislative act applies to products with digital elements, such as Internet of Things (IoT) devices, making security a priority throughout the entire lifecycle and supply chain of each product. The act also helps consumers make more informed choices by highlighting the products that comply with specific cybersecurity standards.
The Cyber Resilience Act's main elements are aimed at safeguarding key infrastructure and strengthening cybersecurity measures.
These elements include:
1. Unified EU Cybersecurity Standards: The new law introduces standardized requirements for designing, developing, and manufacturing both hardware and software, preventing the overlapping obligations that currently vary across EU member states.
2. CE Marking for Compliance: Hardware and software products meeting the act’s cybersecurity requirements will carry the CE marking, signifying compliance. This label, common across the European Economic Area (EEA), indicates that products have been assessed to meet high standards in safety, health, and environmental protection.
3. Scope and Exceptions: The regulation will cover all products connected to a network or another device, either directly or indirectly. Exemptions apply to certain items, such as medical devices, cars, and aeronautical products, which already have cybersecurity standards in place under existing EU regulations.
4. Consumer Transparency: The Cyber Resilience Act enables consumers to factor cybersecurity into their purchasing decisions, allowing them to easily identify secure hardware and software products.
These key elements are expected not only to facilitate more informed decision-making by consumers, but also to set compliance standards for the manufacturers and sellers of these devices.
Once adopted, the legislative act will be signed and published, taking effect 20 days post-publication, with full application 36 months later.
Following this adoption, the legislative act will be signed by the presidents of the Council and the European Parliament and published in the EU’s official journal. It will take effect 20 days after publication, with full application set for 36 months after the date it enters into force. Specific provisions will be implemented earlier.