INDUSTRIES, TECHNOLOGY | Cyber Resilience Act passed by EU Parliament

On 12 March 2024, the European Parliament approved the Cyber Resilience Act, whose text was substantially agreed upon with the Council of the European Union in December 2023. The Cyber Resilience Act addresses regulatory gaps concerning the security of products with digital elements, unless those products are already covered by ad hoc regulations. The Act will not apply equally to all products, as it places a different set of obligations depending on the categories of product set forth in the Act itself and on the nature of the addresses of its norms (manufacturer, importer or distributor). Notably, manufacturers will be responsible for, among other things, (a) conducting an assessment of the cybersecurity risks associated with a product with digital elements; (b) providing support services to ensure that any vulnerability is managed effectively and in accordance with the Cyber Resilience Act; (c) designating a point of contact to enable users to communicate directly and quickly with the manufacturer; and (d) notifying the designated domestic authority and ENISA of any serious incidents they become aware of.

Newsletter n. 96 – May 2024