The upcoming European cyber resilience legislation will be an important part of the European strategic, policy, and legal framework for cybersecurity. In mid-March, the European Commission launched a public consultation to gather opinions and experiences for the drafting of the planned new law. Have your say!
The new European cyber resilience act aims to establish common cybersecurity rules for digital products and related services placed on the market across the European Union. It aims to protect consumers and address current market needs. The results of the public consultation, which runs until May 25, will feed into the Commission’s legislative proposal, which is expected in the second half of 2022.
Why should you participate? The specific shape of the new law has not yet been determined. It remains to be seen whether optional measures such as voluntary certification schemes, “ad hoc” regulatory measures or perhaps a combined approach will be introduced. The scope of the regulation is also currently unclear: it has yet to be decided what obligations will be imposed on industry players and what exactly the standards will look like.
“To face today’s diverse and sophisticated cyber-attacks we need advanced technology, secure infrastructure, and increased operational cooperation, as well as a common approach on cybersecurity benchmarks for products and services”, said Thierry Breton, European Commissioner responsible for the Internal Market. “We are looking forward to receiving input from all interested citizens and organisations to help us shape the new Cyber Resilience Act that will become a key part of the European strategic, policy, and legislative framework in cybersecurity.”
The resilience of Europe’s digital infrastructure and the cyber dimension of the EU have become the focus of several political agendas, not least because of the recent cyber-attacks on Ukraine in the context of escalating geopolitical tensions and conflicts. In early March, European governments had drafted a declaration to strengthen the EU’s cybersecurity capabilities, including establishing a new fund and increasing EU resources to support national efforts. Breton also wrote back in September 2021 that he believes this law should also have a defense dimension to maximize synergies.
The Cyber Resilience Act will complement the existing EU legislative framework, which includes the Directive on the security of Network and Information Systems (NIS Directive) and the Cybersecurity Act, as well as the future Directive on measures for high common level of cybersecurity across the Union (NIS 2) that the Commission proposed in December 2020.
By participating in the public consultation, you can still have an impact on the specifics of the draft.
