The next piece of the puzzle is almost ready to fit into the EU cybersecurity framework. On November 30, the Council of the European Union and Parliament reached an agreement on the EU Cyber Resilience Act (CRA), which introduces uniform cybersecurity requirements for products with digital elements. Like other laws in the EU Data Strategy, the CRA aims to establish accountability for manufacturers and transparency for consumers and businesses. A vulnerability response process also occurs.
While simplifying the scope of the CRA and adding a three-year grace period, the agreement reached by the Council of the EU and the EU Parliament also requires the EU Commissioners to support the product for at least five years. The meeting’s proposal has been revised. There is an obligation to report exploited vulnerabilities and incidents.
Once details are finalized, a final draft is expected to be submitted in the coming weeks.
Here we provide updates on the development of the European Cybersecurity Framework.
Cyber Resilience Act: Council and Parliament reach agreement on security requirements for digital products Negotiators from the Council Presidency and the European Parliament have reached a tentative agreement on a draft law on cybersecurity requirements for products with digital elements. . Connected home cameras, refrigerators, TVs, and toys will be secured before they are released into the market (Cyber Resilience Act).