European Council Adopts Cyber Resilience Act to Strengthen Digital Product Security

Brussels, October 2024 — The European Council has adopted the Cyber Resilience Act, a new law aimed at establishing uniform cybersecurity requirements for digital products across the EU. This regulation will apply to a wide range of connected devices, such as home cameras, refrigerators, televisions, and toys, to ensure they meet stringent security standards before reaching the market.

The legislation is intended to address gaps in existing cybersecurity regulations and make the overall legislative framework more coherent. It applies to both hardware and software products, requiring them to meet cybersecurity standards throughout their design, development, and production processes. Products that comply with the new requirements will carry the CE marking, signifying adherence to EU safety, health, and environmental protection standards.

The Act will apply to most products connected to other devices or networks, with exceptions for those already governed by separate EU rules, such as medical devices, aeronautical products, and vehicles.

Implications for Consumers and Manufacturers

The new regulation aims to simplify the identification of secure digital products for consumers, making it easier to factor cybersecurity into purchasing decisions. For manufacturers, the Act standardizes the cybersecurity requirements across the EU, reducing the complexity caused by overlapping regulations in different member states.

Next Steps

Following the Council's adoption, the legislative act will be signed by the presidents of the European Council and the European Parliament. It will be published in the EU’s official journal in the coming weeks and will enter into force 20 days later. The law will become fully applicable 36 months after its entry into force, with certain provisions taking effect earlier.

This legislative development follows the European Commission’s proposal submitted in September 2022, as part of a broader effort to enhance the EU’s cybersecurity framework, complementing existing laws such as the NIS Directive and the Cybersecurity Act.
