CONSUMER PRODUCTS AND RETAIL E-SSENTIALS

Your regular update for technical and industry information

Your regular update for technical and industry information

The Cyber Resilience Act bolsters cybersecurity rules to ensure more secure hardware and software products

SEPTEMBER 2022

The Cybersecurity Resilience Act is now public.

Scope:

Products with digital elements (any software or hardware product) whose intended or reasonably foreseeable use includes a direct or indirect logical or physical data connection to a device or network.

Manufacturer responsibilities:

  1. Cybersecurity is taken into account in planning, design, development, production, delivery and maintenance phase;
  2. All cybersecurity risks are documented;
  3. Manufacturers will have to report actively exploited vulnerabilities and incidents;
  4. Once sold, manufacturers must ensure that for the expected product lifetime or for a period of five years (whichever is the shorter), vulnerabilities are handled effectively;
  5. Clear and understandable instructions for the use of products with digital elements;
  6. Security updates to be made available for at least five years.

 

Next Steps:

  • European Parliament and the Council to examine the proposed Cyber Resilience Act.
  • Entry into force and 2 years transition period before mandatory
     

Reference: Cyber Resilience Act | Shaping Europe’s digital future (europa.eu)

Bước tiếp theo

Chọn vị trí