The Cyber Resilience Act bolsters cybersecurity rules to ensure more secure hardware and software products
The Cybersecurity Resilience Act is now public.
Products with digital elements (any software or hardware product) whose intended or reasonably foreseeable use includes a direct or indirect logical or physical data connection to a device or network.
- Cybersecurity is taken into account in planning, design, development, production, delivery and maintenance phase;
- All cybersecurity risks are documented;
- Manufacturers will have to report actively exploited vulnerabilities and incidents;
- Once sold, manufacturers must ensure that for the expected product lifetime or for a period of five years (whichever is the shorter), vulnerabilities are handled effectively;
- Clear and understandable instructions for the use of products with digital elements;
- Security updates to be made available for at least five years.
- European Parliament and the Council to examine the proposed Cyber Resilience Act.
- Entry into force and 2 years transition period before mandatory
Reference: Cyber Resilience Act | Shaping Europe’s digital future (europa.eu)