EU countries reached a negotiating mandate on the Cyber Resilience Act today in Brussels. The Cyber Resilience Act is legislation that ensures digital products, including all hardware, software, and components, meet essential cybersecurity requirements before entering the European market. Manufacturers will be obligated to provide free security updates and report digital vulnerabilities and incidents. This means that both consumers and business users in the European Union (EU) can rely on safe digital products.
The Dutch government actively supported this legislation as the Cyber Resilience Act is a crucial part of its efforts to enhance the safety of digital products and services for everyone.
According to Minister Adriaansens (Economic Affairs and Climate), the revised text of the legislation has been further improved compared to the European Commission’s original proposal. In the amended text, the support period for security updates is aligned with the product’s expected lifespan, which consumers and businesses can reasonably anticipate, instead of the maximum period of five years proposed by the European Commission. Additionally, measures have been included to support small and micro-businesses in complying with the legislation. Simplified formats for technical documentation, training, and awareness initiatives are now part of the proposal.
The Dutch government believes that thanks to the Cyber Resilience Act, European consumers and business users can trust that the hardware and software they will use in the future will be safer. This autumn, during Spain’s presidency of the Council of the EU, negotiations with the European Parliament on the final text of the law will be conducted on behalf of the member states.