- I'm taking these 4 gadgets to the pool this summer - and why they make such a big difference
- '코트 안팎에서 데이터와 AI 활용하기'··· NBA팀 올랜도 매직의 디지털 여정
- 로봇 개와 AI 플랫폼의 만남···보스턴다이내믹스, 공장 관리 혁신 사례 공개
- 패브릭에서 데이터-AI 통합 중인 MS··· 그 이유는?
- Phone theft is on the rise - 7 ways to protect your device before it's too late
EU Adopts Cyber Resilience Act for Connected Devices
The European Union Council has officially adopted the Cyber Resilience Act (CRA) which will introduce EU-wide cybersecurity requirements for products with digital elements.
From smart doorbells and speakers to baby monitors, the regulation will apply to all products that are connected either directly or indirectly to another device or network.
The new regulation aims to fill the gaps, clarify the links and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components, for example Internet of Things (IoT) products, are made secure throughout the supply chain and throughout their lifecycle.
The CRA requirements will apply to the design, developments, production and making available on the market of hardware and software products, to avoid overlapping requirements stemming from different pieces of legislation in EU member states.
Software and hardware products will bear the CE marking to indicate that they comply with the regulation’s requirements.
CE is already used on many products traded in the European Economic Area (EEA) and it signifies that products sold in the EEA have been assessed to meet high safety, health, and environmental protection requirements.
This labelling will enable consumers to be better equipped to identify hardware and software products with the proper cybersecurity features.
There may be some exceptions to the requirements for devices for which cybersecurity requirements are already set out in other existing EU laws, such products include medical devices, aeronautical products and cards.
In the UK, a similar law, the Product Security and Telecommunications Infrastructure (PSTI) Act, came into force in April 2024.
Next Steps for the Cyber Resilience Act
Following the adoption of the legislation, the legislative act will be signed by the presidents of the Council and of the European Parliament and published in the EU’s official journal in the coming weeks.
The new regulation will enter into force twenty days after this publication and will apply 36 months after its entry into force with some provisions to apply at an earlier stage.
