The European Council has adopted a new law on cybersecurity requirements for products with digital elements with a view to ensuring that everyday products such as fridges, TVs, and toys are safe before they are placed on the market.
The aim of the new regulation is to harmonise the existing cybersecurity legislative framework and ensure that products with digital components, for example ‘Internet of Things’ (IoT) products, are made secure throughout the supply chain and throughout their lifecycle.
What's in the Regulation
The Cyber Resilience Act (CRA) is the first ever EU wide legislation of its kind: it introduces mandatory cybersecurity requirements for hardware and software products, throughout their whole lifecycle.
The regulation introduces unified EU-wide cybersecurity requirements for the production, development and design of hardware and software products - hence avoiding overlap requirements from different legislations in EU member states.
With this law, software and hardware products will bear the CE marking to indicate that they also comply with the CRA requirements - meeting high safety, health, and environmental protection requirements.
The CRA will also inform consumers on cybersecurity requirements when purchasing and using digital elements products - making it easier for them to identify cyber-safety hardware and software products.
How CYBERSTAND.eu will contribute to the implementation of the CRA
Following the European Council adoption, the CRA will enter into force twenty days after its publication and will apply 36 months after its entry into force with some provisions to apply at an earlier stage.
It is within this timeframe that CYBERSTAND.eu will contribute and support the CRA implementation through the creation of standards for this specific law.
To reach this goal, CYBERSTAND.eu will provide € 1.500,000 of funding to support the participation of European experts in cybersecurity standardisation activities.
Through 6 funding cycles, cybersecurity specialists will be able to contribute and help create standards for the Cyber Resilience Act, and hence strengthen Europe’s position in global cybersecurity standards.
CYBERSTAND.eu has already started the funding cycles which will run until October 2025. The first of these 6 cycles closed at the beginning of October with 20 applications which are currently being evaluated. The next cycle will run from 27th of October to 20th December 2024.