|Author (Corporate)||European Commission: DG Communications Networks Content and Technology|
|Series Details||COM (2022) 454|
|Content Type||Blog & Commentary, News, Policy-making|
Legislative initiative tabled by the European Commission on 15 September 2022, setting out a Cyber Resilience Act (CRA) aimed at protecting consumers and businesses from products with inadequate security features. This is a text with EEA relevance.
The cybersecurity of products with digital elements has a strong cross-border dimension. In addition, incidents initially affecting a single entity or Member State often spread within minutes across the entire internal market. While existing legislation applies to certain products, most of the hardware and software products are not yet covered by any framework tackling their cybersecurity.
Four specific objectives are set out in this proposal:
The draft Regulation was first announced in the European Commission's Cybersecurity Strategy, and it entails amendments to Regulation (EU) 2019/1020. It was formally tabled on 15 September 2022, following the annual State of the European Union (SOTEU) address delivered by the President of the European Commission. The Council of the European Union adopted its general approach to the proposal on 19 July 2023. The plenary of the European Parliament endorsed its own negotiating position on that same day.
|Subject Categories||Internal Markets, Security and Defence|
|Subject Tags||Consumer Rights | Protection, Cybersecurity | Cyber-security, Risk | Crisis Management|
|International Organisations||European Union [EU]|