EU-Kommission: Entwurf für EU Cyber Resilience Act vorgelegt - Vorschriften zur Cybersicherheit von Produkten mit digitalen Elementen
Die EU-Kommission hat ihren Entwurf für den EU Cyber Resilience Act vorgelegt. Dieser soll die Cybersicherheit von Produkten mit digitalen Elementen erhöhen.
1. Proposal for a Regulation on cybersecurity requirements for products with digital elements - Cyber resilience Act als PDF-Datei
2. Annexes Proposal for a Regulation on cybersecurity requirements for products with digital elements - Cyber resilience Act als PDF-Datei
Die Meldung der EU-Kommission:
The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products.
EU Cyber Resilience Act - For safer and more secure digital products
Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021.
Such products suffer from two major problems adding costs for users and the society:
a low level of cybersecurity, reflected by widespread vulnerabilities and the insufficient and inconsistent provision of security updates to address them, and an insufficient understanding and access to information by users, preventing them from choosing products with adequate cybersecurity properties or using them in a secure manner.
While existing internal market legislation applies to certain products with digital elements, most of the hardware and software products are currently not covered by any EU legislation tackling their cybersecurity. In particular, the current EU legal framework does not address the cybersecurity of non-embedded software, even if cybersecurity attacks increasingly target vulnerabilities in these products, causing significant societal and economic costs.
Two main objectives were identified aiming to ensure the proper functioning of the internal market:
1.create conditions for the development of secure products with digital elements by ensuring that hardware and software products are placed on the market with fewer vulnerabilities and ensure that manufacturers take security seriously throughout a product’s life cycle; and
2. create conditions allowing users to take cybersecurity into account when selecting and using products with digital elements.
Four specific objectives were set out:
1. ensure that manufacturers improve the security of products with digital elements since the design and development phase and throughout the whole life cycle;
2. ensure a coherent cybersecurity framework, facilitating compliance for hardware and software producers;
3. enhance the transparency of security properties of products with digital elements, and
4. enable businesses and consumers to use products with digital elements securely.
1. Proposal for a Regulation on cybersecurity requirements for products with digital elements - Cyber resilience Act als PDF-Datei
2. Annexes Proposal for a Regulation on cybersecurity requirements for products with digital elements - Cyber resilience Act als PDF-Datei
Die Meldung der EU-Kommission:
The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products.
EU Cyber Resilience Act - For safer and more secure digital products
Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021.
Such products suffer from two major problems adding costs for users and the society:
a low level of cybersecurity, reflected by widespread vulnerabilities and the insufficient and inconsistent provision of security updates to address them, and an insufficient understanding and access to information by users, preventing them from choosing products with adequate cybersecurity properties or using them in a secure manner.
While existing internal market legislation applies to certain products with digital elements, most of the hardware and software products are currently not covered by any EU legislation tackling their cybersecurity. In particular, the current EU legal framework does not address the cybersecurity of non-embedded software, even if cybersecurity attacks increasingly target vulnerabilities in these products, causing significant societal and economic costs.
Two main objectives were identified aiming to ensure the proper functioning of the internal market:
1.create conditions for the development of secure products with digital elements by ensuring that hardware and software products are placed on the market with fewer vulnerabilities and ensure that manufacturers take security seriously throughout a product’s life cycle; and
2. create conditions allowing users to take cybersecurity into account when selecting and using products with digital elements.
Four specific objectives were set out:
1. ensure that manufacturers improve the security of products with digital elements since the design and development phase and throughout the whole life cycle;
2. ensure a coherent cybersecurity framework, facilitating compliance for hardware and software producers;
3. enhance the transparency of security properties of products with digital elements, and
4. enable businesses and consumers to use products with digital elements securely.