European Union countries and lawmakers have agreed to implement the Cyber Resilience Act, designed to protect connected devices, including laptops, fridges, mobile apps, and smart devices, from cyber threats, in response to rising cyber attacks globally.
Proposed by the European Commission in September 2022, the Cyber Resilience Act, which the EU agreed to implement on 30th November, will be applicable to all products connected directly or indirectly to another device or network. The legislation outlines cybersecurity requirements for the design, development, production, and sale of both hardware and software products.
The new rules state that manufacturers must assess the cybersecurity risks of their products, provide declarations of conformity, and take appropriate action to address issues during the expected lifetime of the product or for a minimum of five years. Transparency regarding the security of hardware and software products for consumers and business users is mandated, along with the requirement to report cyber incidents to national authorities. Importers and distributors are responsible for verifying product conformity with EU rules.
Spanish Minister of Digital Transformation, Jose Luis Escriva, stressed that it is necessary that there be a basic level of cybersecurity for connected devices sold in the EU, to ensure proper protection against cyber threats for businesses and consumers.
The European Commission estimates that the cybersecurity rules could potentially save companies up to €290 billion ($316 billion) annually compared to compliance costs of approximately €29 billion. The adoption of the Cyber Resilience Act reflects the EU’s commitment to enhancing cybersecurity measures and safeguarding connected devices in the digital landscape.