The European Parliament approved the Cybersecurity Resilience Act in the European Union. This comprehensive legislation focuses on bolstering cybersecurity measures and fortifying digital infrastructures against cyber threats.
The Act aims to address lacking standards in the EU, particularly regarding products that contain digital elements. Specific objectives include:
- Ensuring that manufacturers improve the security of products with digital elements in the design and development phase as well as throughout the lifecycle of the product
- Ensuring a coherent cybersecurity framework in the EU, facilitating compliance for hardware and software providers
- Enhancing the transparency of security properties of products with digital elements, and
- Enabling businesses and consumers to use products with digital elements securely.
The Act will apply to all products connected directly or indirectly to another device or network except for specified exclusions such as open-source software or services that are already covered by existing rules, such as medical devices, aviation vehicles and cars.
Enforcement agencies will be empowered by the Act at a broader EU level, with contraventions of the Act resulting in penalties of up to 15 million euros or up to 2.5% of worldwide turnover (whichever is greater). Enforcement agencies may also apply corrective or restrictive measures to withdraw products from the European market.
The Act still requires approval from the European Council to come into force.
For a full reading of the Act, see here.