The European Commission presented a proposal for a new Cyber Resilience Act to protect consumers and businesses from products with inadequate security features!

Last September 15th, the Commission presented a proposal for a new Cyber Resilience Act to protect consumers and businesses from products with inadequate security features. The first EU-wide legislation of its kind, it introduces mandatory cybersecurity requirements for products with digital elements throughout their whole lifecycle.
The Act was announced by President Ursula von der Leyen in September 2021 during her State of the European Union address, and builds on the 2020 EU Cybersecurity Strategy and the 2020 EU Security Union Strategy. It will ensure that digital products, such as wireless and wired products and software, are more secure for consumers across the EU. In addition to increasing the responsibility of manufacturers by obliging them to provide security support and software updates to address identified vulnerabilities, it will enable consumers to have sufficient information about the cybersecurity of the products they buy and use.
The measures proposed are based on the New Legislative Framework for EU product legislation and will lay down:
- rules for the placing on the market of products with digital elements to ensure their cybersecurity;
- essential requirements for the design, development and production of products with digital elements, and obligations for economic operators in relation to these products;
- essential requirements for the vulnerability handling processes put in place by manufacturers to ensure the cybersecurity of products with digital elements during the whole life cycle, and obligations for economic operators in relation to these processes. Manufacturers will also have to report actively exploited vulnerabilities and incidents;
- rules on market surveillance and enforcement.