Cyber Resilience Act

Digital products and ancillary services create opportunities for EU economies and societies. But they also lead to new challenges. In an interconnected world, cybersecurity incidents threaten to affect an entire system and disrupt a wide array of economic and social activities.

In this regard, the European Commission is currently working on proposing a regulation for a European Cyber Resilience Act. Such as proposal was first announced by President von der Leyen in her State of the Union Address in September 2021.

This proposal for a Cyber Resilience Act seeks to introduce common cybersecurity rules for manufacturers and vendors of tangible and intangible digital products and ancillary services. Ultimately, the aim is to protect consumers from insecure products while still addressing market needs.

As part of the preparation for this proposal, the Commission has launched a public consultation to gather the views and experience from a variety of stakeholders with respect to cyber security and resilience. More specifically, through this open consultation, the Commission would like to gather stakeholders’ views on:

  • current and emerging problems related to the cyber security of digital products and associated services, including non-embedded software;
  • possible policy approaches to address such problems, the available options and their potential impacts; and
  • evidence and data underpinning the identified problems.

The feedback provided will feed into the Commission’s proposal for a Cyber Resilience Act that is expected in the second half of this year.

Individuals, businesses and competent authorities interested in partaking in this online consultation are invited to provide their input by May 25, 2022.