New EU cybersecurity rules take effect today, which will make everything from baby monitors to smart watches safer. With the entry into force of the Cyber Resilience Act, specific mandatory cybersecurity requirements will now apply to all products connected directly or indirectly to another device or network (except for specified exclusions). These requirements will be imposed on manufacturers and retailers.
The Act will guarantee:
- harmonised rules when bringing to market products or software with a digital component
- a framework of cybersecurity requirements governing the planning, design, development and maintenance of such products, with obligations to be met at every stage of the value chain
- an obligation to provide duty of care for the entire lifecycle of such products
In practice, this means that manufacturers will have to place compliant products on the EU market by 2027. These products will bear the CE marking to indicate they comply with the new standards. Requiring manufacturers and retailers to prioritise cybersecurity will empower customers and businesses to make better-informed choices.
The EU works on various fronts to promote cyber resilience. Underpinning this work is the EU Cyber Security Strategy, which was presented at the end of 2020. It covers the security of essential services such as hospitals, energy grids and railways, as well as of the ever-increasing number of connected objects in our homes, offices and factories. The European Union Agency for Cybersecurity (ENISA) is the EU agency dedicated to achieving a high common level of cybersecurity across Europe.
Cybersecurity and enforcing EU digital laws will continue to be important throughout the 2024-2029 Commission mandate. The Commission will soon propose a European action plan on the cybersecurity of hospitals and healthcare providers to safeguard healthcare systems.