Cyber Resilience Act - New cybersecurity rules for digital products and ancillary services

Actualités juridiques

The European Commission presented on 15 September 2022 a proposal for a regulation on cyber security requirements for products with digital elements (“Cyber Resilience Act”).

The Cyber Resilience Act aims to introduce a common cybersecurity rule for manufacturers and developers of products with digital elements, covering both hardware and software products.

The new act would specifically complement the already existing baseline cybersecurity framework of the Network and Information Security Directive and the Regulation (EU) 2019/1020.

Cyber Resilience Act is focusing in four specific objectives:

  1. ensure that manufacturers improve the security of products with digital elements since the design and development phase and throughout the whole life cycle;
  2. ensure a coherent cybersecurity framework, facilitating compliance for hardware and software manufacturers;
  3. enhance the transparency of security properties of products with digital elements, and
  4. enable businesses and consumers to use products with digital elements securely.

If you have an interest in this proposal and wish to provide your view, the act is opened for feedback as from 19 September 2022 and for a minimum period of 8 weeks (the eight-week feedback period is being extended every day until this adopted proposal is available in all EU languages) : Feedback on CRA proposal.