On November 20, 2024, the European Parliament and the Council of the European Union officially adopted Regulation (EU) 2024/2847, known as the Cyber Resilience Act. This landmark legislation establishes horizontal cybersecurity requirements for products with digital elements, aiming to bolster trust, safety, and resilience in the digital marketplace. The Regulation is set to come into effect on December 10, 2024, with its provisions becoming fully applicable from December 11, 2027.
Key Objectives of the Cyber Resilience Act
The Cyber Resilience Act addresses the growing risks associated with the increasing integration of digital technologies in consumer and industrial products. Its primary objectives include:
- Enhanced Cybersecurity Standards: The Regulation introduces uniform rules to ensure that products with digital elements, such as IoT devices and software, meet robust cybersecurity standards throughout their lifecycle.
- Market Surveillance and Compliance: It mandates clear guidelines for market surveillance, empowering national authorities to monitor compliance and take corrective actions against non-conforming products.
- Proactive Risk Management: Manufacturers are required to assess, prevent, and mitigate cybersecurity risks in the design, development, and distribution phases of their products.
- Consumer Protection: By ensuring that digital products are secure by design, the Act protects consumers from cybersecurity threats, such as unauthorized access, data breaches, and malware attacks.
Key Provisions
- Scope: The Regulation applies to a wide range of products, from connected devices to software applications, ensuring cybersecurity across the board.
- Accountability: Manufacturers, importers, and distributors are held responsible for ensuring compliance with cybersecurity requirements.
- Transparency: Clear communication of cybersecurity features and potential vulnerabilities is required, empowering consumers and businesses to make informed choices.
Timeline and Impact
While the Cyber Resilience Act will officially enter into force in December 2024, the three-year transitional period until December 2027 gives businesses time to align with the new requirements. This Regulation marks a significant step toward a safer digital ecosystem, fostering innovation while addressing cybersecurity challenges in an increasingly connected world.
If you would like more information about CE regulations or if you require a local CE Agent, please get in touch with iCertifi, your trusted CE partner.