Cyber Resilience Act – EU starts public consultation

The proposed law regulates cybersecurity requirements for a wide range of digital products and related ancillary services. The subject of the law is tangible digital (wireless and wired) products and non-embedded software in their entire life cycle. Thus, the act covers hardware and software equally. As a horizontal piece of legislation, the act selectively complements existing cybersecurity regulations such as the Cyber Security Act (Regulation (EU) 2019/881) or Delegated Regulation (EU) 2022/30.

The legislative initiative defines the following three main objectives:

“Firstly, it aims to enhance and ensure a consistently high level of cybersecurity of digital products and ancillary services.
Secondly, it aims to enable users to match the security properties of such products against their needs, including by enhancing the transparency of cybersecurity features. This would protect users from insecure digital products and ancillary services, and incentivise vendors to offer more secure products, thus increasing the trust in the digital single market.
Third, it seeks to improve the functioning of the internal market by levelling the playing field for vendors of digital products and ancillary services.”

The legislative initiative is based on the so-called New Legislative Framework (NLF). According to this, the law is to define the basic cybersecurity requirements, which will be concretised by (legally non-binding) harmonised standards for the various product categories. In addition, the act introduces obligations for economic operators as well as provisions on conformity assessment, notification of conformity assessment bodies and market surveillance.

This initiative once again underlines the increasing importance of cybersecurity as a target in product regulation. After all, cybersecurity has a significant impact on product safety. Whether this law will actually achieve a higher level of protection and what concrete additional obligations it will impose on economic operators remains to be seen.

For further details: Wiebe, InTeR 2021, 66 et seq. (available here); Schucht, NVwZ 2021, 532 et seq.

Do you have any questions about this news, or would you like to discuss the news with the authors? Please contact: Dr. Gerhard Wiebe

EU Packaging Regulation nears final adoption

On 24.04.2024, the EU Parliament adopted the English trilogue version of the EU Packaging Regulation in its last session before the European elections. The final decision on all other language versions in the EU Parliament and then the Council decision are now imminent. The regulation will then be published in the Official Journal of the EU and is expected to apply in principle from mid-2026.

Agreement on unified charging cables at EU level

The EU Parliament, Council of Ministers and Commission have agreed on a proposal published by the Commission in September 2021 to amend Directive 2014/53/EU (the so-called EU Wireless Equipment Directive). It is expected that from mid-2024 smartphones and devices with compara-ble power requirements will have to have a USB-C charging interface and support the fast-charging protocol USB Power Delivery.

Cyber Resilience Act – EU starts public consultation

You may also be interested in:

EU Packaging Regulation nears final adoption

“Second amendment” entered into force – New transitional periods for (certain) medical devices under Regulation (EU) 2017/745 (MDR)

Agreement on unified charging cables at EU level

Contact