Council

EU council adopts new cybersecurity law for digital products

Giuseppe de vita
Giuseppe de vita
EU council adopts new cybersecurity law for digital products
Credit: Michel Spingler/Michel Spingler

Brussels (Brussels Morning Newspaper) – The EU Council adopted a new law on security requirements for digital products.

Contents
What are the key elements of the new regulation?When was the Cyber Resilience Act first proposed?

The European Council adopted a new law on cybersecurity requirements for products with digital elements to assure that products, such as attached home cameras, fridges, TVs, and toys, are safe before they are set on the market (Cyber Resilience Act). The new regulation seeks to fill the gaps, explain the links, and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital features, for example, ‘Internet of Things’ (IoT) products, are protected throughout the supply chain and their lifecycle.

What are the key elements of the new regulation?

The new law presents EU-wide cybersecurity requirements for the invention, development, production and making known on the market of hardware and software products, to bypass overlapping requirements arising from different pieces of legislation in EU member states. 

The regulation will involve all products that are linked either directly or indirectly to another device or a network. 

Finally, the new law will permit consumers to take cybersecurity into account when choosing and using products that contain digital elements, making it more comfortable for them to determine hardware and software products with the proper cybersecurity components.

When was the Cyber Resilience Act first proposed?

First reported by EU Commission President von der Leyen in her State of the Union address in September 2021, the Cyber Resilience Act was noted in the Council conclusions of 23 May 2022 on the development of the European Union’s cyber posture, which called upon the Commission to present its proposal by the end of 2022.

On 15 September 2022, the Commission presented the proposal for a cyber resilience act, which will complement the current EU cybersecurity framework: the directive on the security of network and information systems (NIS directive), the directive on standards for a high level of cybersecurity across the Union (NIS 2 directive) and the EU cybersecurity act. Following interinstitutional negotiations (‘trilogues’), a provisional arrangement was reached between the co-legislators on 30 November 2023.

About Us

Brussels Morning is a daily online newspaper based in Belgium. BM publishes unique and independent coverage on international and European affairs. With a Europe-wide perspective, BM covers policies and politics of the EU, significant Member State developments, and looks at the international agenda with a European perspective.
Share This Article
By Giuseppe de vita
Giuseppe De Vita is a journalist at Brussels Morning News, He is covering European politics, Law and Technology news. Lawyer at De Vita & Partners Law Firm specializing in Criminal Law, Military and Space Law, and Cyber Security. In April 2023, he authored the monograph "Governance in Extraterrestrial Space", showcasing his extensive legal expertise. He has acquired vast experience in handling criminal and civil matters, managing litigation before various levels of jurisdiction across the national territory. In 2010, he obtained a Master's degree in Information Technology Law. Additionally, in the same year, he served as a teacher in criminal-IT subjects at the Penitentiary Police School of Portici, providing courses aimed at officials and managers of the Penitentiary Police and the Penitentiary Administration, focusing on IT security. He also serves as a Workplace Safety teacher, conducting training courses at various organizations and educational institutions. Moreover, he is a lecturer on Anti-Corruption and Transparency. The law firm, under his guidance, assists both private and corporate clients in court, accumulating significant experience in criminal and civil disputes over the years. Furthermore, it conducts Risk Management and Compliance, Cyber Resilience, and Cyber Security activities, with a specific focus on privacy protection (EU Regulation 2016/679 - GDPR). Giuseppe frequently publishes articles in legal journals, analyzing various regulatory issues. He has contributed articles to the legal journal Altalex, of which he is also a member of the Scientific Committee.
Previous Article EU Parliament demands release of Uyghur prisoners in China EU Parliament demands release of Uyghur prisoners in China
Next Article EU Council updates design laws for digital era EU Council updates design laws for digital era
The Brussels Morning Newspaper Logo

Subscribe for Latest Updates