Proposal for a Regulation on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020

Author (Corporate)
Series Details COM (2022) 454
Publication Date 15/09/2022
Content Type , ,

Summary:

Legislative initiative tabled by the European Commission on 15 September 2022, setting out a Cyber Resilience Act (CRA) aimed at protecting consumers and businesses from products with inadequate security features. This is a text with EEA relevance.

Further information:

The cybersecurity of products with digital elements has a strong cross-border dimension. In addition, incidents initially affecting a single entity or Member State often spread within minutes across the entire internal market. While existing legislation applies to certain products, most of the hardware and software products are not yet covered by any framework tackling their cybersecurity.

Four specific objectives are set out in this proposal:

  • ensure that manufacturers improve the security of products with digital elements since the design and development phase and throughout the whole life cycle;
  • ensure a coherent cybersecurity framework, facilitating compliance for hardware and software producers;
  • enhance the transparency of security properties of products with digital elements;
  • enable businesses and consumers to use products with digital elements securely.

The draft Regulation was first announced in the European Commission's Cybersecurity Strategy, and it entails amendments to Regulation (EU) 2019/1020. It was formally tabled on 15 September 2022, following the annual State of the European Union (SOTEU) address delivered by the President of the European Commission.

Source Link https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=COM:2022:454:FIN
Related Links
Commentary and Analysis
Orgalim: News, 15/09/2022: Cyber Resilience Act: A crucial step forward https://orgalim.eu/news/cyber-resilience-act-crucial-step-forward
Digital Europe: Press Release, 15/09/2022: Cyber Resilience Act: a big step forward for digital resilience but too much too soon https://www.digitaleurope.org/news/cyber-resilience-act-a-big-step-forward-for-digital-resilience-but-too-much-too-soon/
DR2 Consultants: Blog, 16/09/2022: European Cyber Resilience Act: can new requirements for products strengthen your organization’s cybersecurity resilience? https://dr2consultants.eu/european-cyber-resilience-act/

News
Bloomberg, 07/09/2022: Web-Connected Devices May Have to Meet New EU Cybersecurity Rules https://www.bloomberg.com/news/articles/2022-09-07/internet-connected-devices-may-have-to-meet-new-eu-requirements
EurActiv, 15/09/2022: Commission presents Cyber Resilience Act targeting Internet of Things products https://www.euractiv.com/section/digital/news/commission-presents-cyber-resilience-act-targeting-internet-of-things-products/
Euronews, 15/09/2022: Brussels plans to introduce cybersecurity requirements for connected devices https://www.euronews.com/my-europe/2022/09/15/brussels-plans-to-introduce-cybersecurity-requirements-for-connected-devices
Reuters, 15/09/2022: EU proposes rules targeting cybersecurity risks of smart devices https://www.reuters.com/technology/eu-proposes-rules-targeting-smart-devices-with-cybersecurity-risks-2022-09-15/
The Independent (UK), 15/09/2022: EU wants to toughen cybersecurity rules for smart devices https://www.independent.co.uk/news/ap-brussels-thierry-breton-europe-european-commission-b2167907.html
Politico, 15/09/2022: EU pitches cyber law to fix patchy Internet of Things https://www.politico.eu/article/new-cyber-act-to-raise-safety-standards-across-the-bloc/
Forbes Magazine, 15/09/2022: EU Aims To Boost Security Of Connected Devices With New Cyber Resilience Act https://www.forbes.com/sites/emmawoollacott/2022/09/15/eu-aims-to-boost-security-of-connected-devices-with-new-cyber-resilience-act/?sh=44445f5da08a
EurActiv, 16/09/2022: EU chief announces cybersecurity law for connected devices https://www.euractiv.com/section/cybersecurity/news/eu-chief-announces-cybersecurity-law-for-connected-devices/

Official
EUR-LEX: SWD(2022)282: Staff Working Document accompanying the Proposal - Impact Assessment Report https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=SWD:2022:282:FIN
EUR-LEX: SWD(2022)283: Staff Working Document accompanying the Proposal - Executive Summary of the Impact Assessment Report https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=SWD:2022:283:FIN
European Commission: Better Regulation: Have Your Say: Cyber resilience act – new cybersecurity rules for digital products and ancillary services https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13410-Cyber-resilience-act-new-cybersecurity-rules-for-digital-products-and-ancillary-services_en
European Commission: Policies: EU Cyber Resilience Act https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act
European Commission: Press Release, 15/09/2022: State of the Union: New EU cybersecurity rules ensure more secure hardware and software products https://ec.europa.eu/commission/presscorner/detail/en/ip_22_5374
European Commission: State of the Union: EU Cyber Resilience Act - Questions & Answers (15 September 2022) https://ec.europa.eu/commission/presscorner/detail/en/qanda_22_5375

Subject Categories ,
Subject Tags , ,
International Organisations