EU Cyber Resilience Act

Briefing 20-12-2024

New technologies come with new risks, and the impact of cyber-attacks through digital products has increased dramatically in recent years. Consumers are increasingly falling victim to security flaws linked to digital products such as baby monitors, robo-vacuum cleaners, Wi-Fi routers and alarm systems. For businesses, ensuring that digital products in the supply chain are secure has become pivotal, considering that three in five vendors have already lost money as a result of product security gaps. The European Union's lawmakers signed the 'cyber-resilience act' in October 2024. The regulation imposes cybersecurity obligations on all products with digital elements whose intended and foreseeable use includes a direct or indirect data connection to a device or network. The regulation introduces the principles of cybersecurity by design and by default, and imposes a duty of care for the lifecycle of products. The Cyber Resilience Act was published in the EU's Official Journal on 20 November 2024. It entered into force in December 2024 and will apply in full as of 11 December 2027.

Fourth edition. The 'EU Legislation in Progress' briefings are updated at key stages throughout the legislative procedure.