Europe has not been idle in recent years in terms of legislative initiatives regarding cybersecurity. Both existing and future legislation should make the European market safer in all areas. As a result, in the future, every organization will be increasingly obliged to juggle instruments such as the GDPR, NIS(2), Data Act, Data Governance Act, AI Act, Cyber Security Act, Product Liability Directive, … and last but not least the Cyber Resilience Act (CRA).
A proposal for this Regulation (CRA) was published on September 15, 2022. In essence, it aims to ensure that:
- products with digital elements marketed in the EU are secure.
- manufacturers remain responsible for cybersecurity throughout the life cycle of a product. The manufacturer has a legal duty to ensure security by design, to provide an appropriate level of security, a mandatory risk assessment, and a conformity assessment.
- importers and distributors, in turn, must verify that the products meet the aforementioned essential requirements, which creates a tiered responsibility.
- consumers enjoy the necessary protection through the manufacturer’s obligation to be transparent about technical security and any updates, based on detailed and understandable information.