The Council of the European Union has adopted new rules (Cyber Resilience Regulation) on cybersecurity requirements for products with digital elements to ensure that products such as home cameras, fridges, televisions and connected toys are safe before they are put on sale. The new rules would fill the current gaps in the existing legislative framework on cybersecurity and achieve more consistent standards by ensuring that such products are secure throughout the entire supply chain as well as during their life cycle.
These new harmonised cybersecurity requirements will apply to the design, development, manufacture and placing on the market of hardware and software products in all EU Member States. Thus, all products connected directly or indirectly to another device or to a network will bear the CE marking indicating that they comply with European regulations on safety, health and environmental protection. However, some exceptions are introduced for those products for which cybersecurity requirements are already laid down in existing legislation. This is the case for medical devices, aeronautical products and automobiles. This will allow consumers to make their purchasing decisions and use products with digital elements in an informed and appropriate way.
The legislative act will now be signed by the Council of the EU and the European Parliament and published in the Official Journal of the EU. After publication, it will enter into force 20 days later and will - as a rule - apply 36 months after its entry into force.
Source of information: Council of the European Union.