The European Council has passed a new law, known as the Cyber Resilience Regulation, aimed at boosting cybersecurity for products that contain digital elements. This law covers a wide range of devices, from smart cameras to refrigerators and even toys. The goal is simple: make sure these products are secure before they reach consumers and remain safe throughout their entire use.
Key Points of the Law
This regulation sets clear cybersecurity standards across the European Union for the design, production, and sale of both hardware and software. It ensures that all digital products sold in the EU meet the same requirements, so there’s no confusion between different countries. These products will need to display the CE mark, which shows that they comply with European safety, health, and environmental standards.
The law applies to any device that connects directly or indirectly to another device or network. Some exceptions include items like medical equipment, airplanes, and cars, which already follow other EU cybersecurity laws.
A key focus of the law is making consumers more aware of cybersecurity when choosing products. With better information available, people will be able to make smarter decisions about what they buy and feel more confident that their devices are safe.
What Happens Next?
Now that the law has been approved, it will be signed by the Presidents of both the European Council and the European Parliament. After that, it will be published in the EU’s Official Journal and officially become law 20 days later. Most of the rules will begin to apply 36 months after that, although some parts of the law will take effect earlier.
Background Information
The idea for a common set of cybersecurity rules in the EU first came up in 2021 during a State of the Union speech by European Commission President Ursula von der Leyen. The Council took up the issue in May 2022 and asked the Commission to propose a plan by the end of that year. The Commission introduced the proposal in September 2022 as part of a broader EU effort to strengthen cybersecurity across the continent.
This new law builds on the existing framework of cybersecurity regulations in the EU, including the NIS Directive and the NIS 2 Directive. After negotiations between the Council and Parliament, a final agreement was reached in November 2023.
This regulation represents a major step forward in keeping digital products safe and secure for everyone across the EU.
Cookie Consent with Real Cookie Banner