The Cyber Resilience Act, which was recently adopted by the Council of the European Union, is set to revolutionize the way connected devices are regulated in the EU. The new law aims to ensure that all digital products – from smart doorbells to commercial IP cameras – meet stringent cybersecurity requirements before they are allowed to enter the market.
With the adoption of the Cyber Resilience Act, the EU is taking a significant step towards enhancing the security of IoT devices. The new regulations cover every aspect of the design, development, production, and sale of hardware and software products that connect to other devices or networks. This comprehensive framework is designed to make existing cybersecurity legislation more coherent and to guarantee the security of IoT products throughout their lifecycle.
One of the key provisions of the Cyber Resilience Act is the requirement for all connected digital products to be labeled with a “CE” mark, indicating that they meet the necessary cybersecurity standards. This labeling system is intended to make it easier for consumers to identify products with adequate security features and to make informed decisions when shopping for connected devices.
It is important to note that certain products, such as medical devices, aeronautical products, and cars, which are already subject to existing EU regulations, are exempt from the requirements of the Cyber Resilience Act. This ensures that companies manufacturing these products are not burdened with redundant regulations.
The signing of the legislative act by the presidents of the Council and the European Parliament, followed by its publication in the EU’s official journal, will mark the official entry into force of the regulation. The Cyber Resilience Act is set to come into effect three years after its publication, in 2027, although some provisions may be applicable earlier.
Overall, the adoption of the Cyber Resilience Act represents a significant milestone in the EU’s efforts to enhance cybersecurity and protect consumers from potential threats posed by connected devices. By setting stringent security requirements for digital products and establishing a clear regulatory framework, the EU is taking proactive steps to ensure the safety and integrity of the digital ecosystem.