INFORMATION TECHNOLOGY
EU Council: Cyber Resilience Act (CRA) definitively approved, introducing new security requirements for digital products.
The EU Council has finally approved the Cyber Resilience Act, the new law that introduces cyber security requirements for products with digital elements to ensure that, for example, connected home cameras, refrigerators, TVs and toys are secure before they are placed on the market. The overall aim is to close gaps, clarify linkages and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components are secure along the supply chain and during their life cycle.
The regulation will apply to all products that are directly or indirectly connected to another device or network. There are some exceptions for products for which cyber security requirements are already laid down in existing EU standards, e.g. medical devices, aeronautical products and cars.
Specifically, the text provides for the introduction of EU-wide cybersecurity requirements for the design, development, production and making available on the market of hardware and software products, in order to avoid overlapping requirements stemming from different member state regulations. For example, software and hardware products will bear the CE marking to indicate that they comply with the requirements of the regulation.
It will also enable consumers to take cybersecurity into account when selecting and using products containing digital elements, making it easier for them to identify hardware and software products with the appropriate cybersecurity features.
The act will now be signed by the Presidents of the Council and the European Parliament and then published in the Official Journal of the EU.
The regulation will apply to all products that are directly or indirectly connected to another device or network. There are some exceptions for products for which cyber security requirements are already laid down in existing EU standards, e.g. medical devices, aeronautical products and cars.
Specifically, the text provides for the introduction of EU-wide cybersecurity requirements for the design, development, production and making available on the market of hardware and software products, in order to avoid overlapping requirements stemming from different member state regulations. For example, software and hardware products will bear the CE marking to indicate that they comply with the requirements of the regulation.
It will also enable consumers to take cybersecurity into account when selecting and using products containing digital elements, making it easier for them to identify hardware and software products with the appropriate cybersecurity features.
The act will now be signed by the Presidents of the Council and the European Parliament and then published in the Official Journal of the EU.
