In a significant move to bolster cybersecurity, the European Union has progressed with the Cyber Resilience Act, a landmark piece of legislation aimed at enhancing the security of internet-connected devices. This regulation, initially proposed in September 2022, has now reached a consensus on its terms as of December 1.
Under this new framework, manufacturers of hardware and software products will be required to ensure robust cybersecurity measures throughout the lifespan of their products. This includes providing consistent security updates to consumers. A notable aspect of the act is its consumer-centric approach, mandating that all products sold within the EU must adhere to stringent cybersecurity standards, a fact that will be indicated by a special CE marking on a wide range of devices, from home appliances to personal gadgets.
Post-approval by the European Parliament and Council, the legislation is expected to become effective 20 days after its publication in the official journal. Following this, a 36-month window will be provided for manufacturers, importers, and distributors to align with the new regulations. However, a shorter period of 21 months is allocated for compliance with the mandatory incident and vulnerability reporting.
The reception among European officials has been positive. Commissioner Thierry Breton highlighted the legislation's role in ensuring that digital devices in the EU market are embedded with comprehensive cybersecurity measures from their inception. Echoing this sentiment, Vice President Věra Jourová emphasized the necessity for consumers to trust the safety of the digital products they use.
The implications of non-compliance are significant, with potential fines and withdrawal of non-conforming products from the EU market. This act forms a critical part of the EU's broader strategy to regulate Big Tech, focusing on issues like data privacy, artificial intelligence, and cybersecurity. Legal experts have observed the EU's increasing efforts to hold tech companies accountable for various aspects of digital safety and rights.
Overall, the Cyber Resilience Act represents a major step in the EU's commitment to ensuring a safe and secure digital environment for its citizens and sets a precedent for other regions to follow.
6clicks is built from the ground up to support organizations in their quest for better cyber compliance. If you'd like to learn more about how we can help, click the button below, and we'll connect you with one of our friendly team members.