Active participation and contributions to CEN/CENELEC JTC13 WG9 activities
Horizontal standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
Contribute to the development of horizontal standards for security requirements relating to the properties of products with digital elements, including digital products that use AI systems, and considering the interplay between requirements of the Cyber Resilience Act (CRA) and the AI Act.
Contribute to the EC Standardisation Request, which targets the drafting of European standards on designing, developing and producing products with digital elements in such a way that it ensures an appropriate level of cybersecurity based on the risks.
These harmonised European standards are expected to reflect the state-of-the-art in order to minimise cybersecurity risks, which may arise in the planning, design, development, production, delivery and maintenance of products with digital elements, aiming to prevent security incidents and minimise the impact of such incidents, especially in relation to the health and safety of users.
What is the expected result and impact of this activity?
The most important impact of this activity will result from the timely delivery of harmonised standards related to cybersecurity for products with digital elements that will allow demonstration of compliance (presumption of conformance) to the obligations of the Cyber Resilience Act.
The entering into force of the Cyber Resilience Act highlights the importance of EU harmonised standards and conformity assessment (based on such harmonized standards) for the industrial stakeholders (both providers and users of products with digital elements). EU harmonised cybersecurity standards applicable to these products need to be developed and adopted as a matter of urgency for the benefit of the European industry, including SMEs and startups, as well as European users and consumers.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
Annex I of the CRA standardisation request (List of new European Standards to be drafted in support of the CRA):
#1. European standard(s) on designing, developing and producing products with digital elements in such a way that they
ensure an appropriate level of cybersecurity based on the risks. Deadline for the adoption by CEN/CENELEC: 30/08/2026
