October 22, 2024 at 08:04AM
The Council of the European Union has adopted the Cyber Resilience Act, ensuring connected devices meet new cybersecurity standards before market release. This law enhances existing regulations and provides consumers with clearer options for secure products, featuring a “CE” label for compliance. The act will take effect in 2027.
**Meeting Takeaways: Cyber Resilience Act (CRA)**
1. **Adoption of Law**: The Council of the European Union has adopted the Cyber Resilience Act, effective earlier this month.
2. **Scope of the Law**:
– Targets connected devices, including consumer products (smart doorbells, televisions, toys) and commercial devices (IP cameras).
– Establishes an EU-wide framework covering the design, development, production, and sale of connected hardware and software.
3. **Goals and Enhancements**:
– Strengthens existing cybersecurity legislation.
– Ensures the security of IoT products throughout their lifecycle, from supply chain to end-of-life.
4. **Consumer Empowerment**:
– New labeling (“CE”) will help consumers identify products with adequate cybersecurity features, aiding informed purchasing decisions.
5. **Exemptions**:
– The law does not apply to products already regulated by existing EU regulations, including medical devices, aeronautical products, and vehicles.
6. **Next Steps**:
– The CRA will be signed by the presidents of the Council and the European Parliament and published in the EU’s official journal in the coming weeks.
– The regulation takes effect 20 days after publication, with full application starting in 2027, though certain provisions will apply earlier.