SECURITY
Cyber Resilience Act
SECURITY
Cyber Resilience Act
Origin
Proposal for a regulation on horizontal cybersecurity requirements for products with digital elements 2022/0272(COD)
General overview
The purpose of the Cyber Resilience Act (CRA) is to ensure a sufficient level of cyber security for hardware and software products. Broadly speaking, it aims to achieve these aims by the introduction of common cybersecurity standards for connected devices and services.
While existing EU legislation applies to certain “products with digital elements”, most hardware and software products are currently not covered by any EU legislation which addresses cybersecurity issues. On this basis, the CRA seeks to achieve two overarching objectives:
- create conditions which allow for the development of secure “products with digital elements”
- create conditions that allow users to take cybersecurity into account when selecting and using “products with digital elements”
In other words, the CRA aims to hold manufacturers of devices that can connect to the internet responsible for cybersecurity throughout the product lifecycle. The CRA also aims to ensure harmonisation of legislation at an EU level which will increase trust among users as well as increase the attractiveness of EU products on the market.
Status
Adopted by Parliament 12 March 2024
Awaiting adoption by Council
PROPOSED REGULATION
(applies 12-24 mths from entry in force)
Useful links
- Text as adopted by Parliament
- Political agreement reached (Commission press release)
- Factsheet