Cyber Resilience Act – Security for the digital future
REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020
The Cyber Resilience Act is an EU-wide regulation that establishes uniform cybersecurity standards for products with digital elements. It aims to oblige manufacturers and operators to ensure an appropriate level of security for hardware and software and thus protect against cyber threats. The Cyber Resilience Act ensures greater transparency, security and trust in digital products both in the consumer market and in industry.
easyCE is at your side with comprehensive expertise! Our team of experts will support you with all questions relating to the Cyber Resilience Act and guide you on the path to compliance. From risk assessment to CE labelling - we are always at your disposal.
Q&A
Which products are covered by the Cyber Resilience Act?
All products with digital elements that establish a logical or physical data connection to networks or other devices fall under the Cyber Resilience Act. This includes both consumer products and industrial applications.
Why is it important to consider products under the Cyber Resilience Act regulations?
The Cyber Resilience Act ensures that products meet the highest cyber security requirements. Compliance with these regulations protects companies from cybersecurity risks and increases consumer confidence in the products, which also simplifies CE labelling.
When does the Cyber Resilience Act apply?
The Cyber Resilience Act comes into force in 2024. From this date, economic operators and Member States will have 36 months to fulfil the new requirements and ensure compliance with the Act, including CE marking.
What can I do until the Cyber Resilience Act comes into force?
Prepare by reviewing the cybersecurity of your products in line with the Cyber Resilience Act. Ensure that your products comply with the requirements, carry out a risk assessment and develop security measures. easyCE supports you in planning and implementation to prepare your products for CE marking at an early stage.
What role does the new European Machinery Regulation - Regulation (EU) 2023/1230 play in relation to the Cyber Resilience Act?
Machinery Regulation 2023/1230 sets out specific requirements for the cybersecurity of machinery, particularly with regard to protection against tampering. The Cyber Resilience Act and the Machinery Ordinance work hand in hand to ensure security in the industrial sector. For machinery products, compliance with these regulations is just as important as CE labelling.
Which products do not fall within the scope of the Cyber Resilience Act?
Products from the automotive sector that fall under the ISO/SAE 21434 ‘Road vehicles - Cybersecurity engineering’ standard, as well as products from the aviation sector that are subject to special aviation standards, are excluded from the Cyber Resilience Act. These products must fulfil their own industry-specific security requirements, which are decisive for CE marking in these areas.
In addition to the Cyber Resilience Act, what other directives, regulations and standards need to be considered for compliance?
Products must not only comply with the Cyber Resilience Act, but also with all applicable EU directives, regulations and standards. These requirements ensure that safety, health and environmental standards are met, which forms the basis for CE labelling.
What does the technical documentation for CE labelling with the Cyber Resilience Act look like?
The technical documentation must include a full risk assessment and evidence of compliance with the cybersecurity requirements of the Cyber Resilience Act. This documentation is required to obtain the CE marking and to confirm conformity with EU regulations.
Is there already information on harmonised standards for the Cyber Resilience Act?
Harmonised standards for many product categories are currently being developed. The EU Commission is working on providing technical standards that make it easier for companies to comply with the Cyber Resilience Act and contribute to CE labelling.
What is required for CE labelling?
For CE labelling, the product must comply with the basic cybersecurity requirements of the Cyber Resilience Act. This is confirmed by a conformity assessment, which can be carried out either by the manufacturer itself or by a notified body.