Understanding the Cyber Resilience Act’s Security Requirements for Digital Products

With the European Council’s recent adoption of the Cyber Resilience Act, a new chapter in cybersecurity regulation opens, promising to reshape how digital products are developed and maintained across the EU. It aims to establish horizontal cybersecurity requirements for digital products and connected devices, ensuring these products are more secure when placed on the market and throughout their lifecycle.

The regulation is designed to address increasing cybersecurity threats from connected devices, aiming to protect both businesses and consumers. It seeks to reduce the vulnerabilities in hardware and software by introducing security standards that manufacturers must follow. This is to prevent attacks, ensure timely security updates, and provide consumers with clear cybersecurity information.

The Cyber Resilience Act was first announced by Commission President von der Leyen in September 2021 and was subsequently highlighted in the Council’s conclusions on enhancing the EU’s cyber posture. The proposal builds on existing frameworks like the NIS directive and the EU Cybersecurity Act, ensuring a consistent approach across different sectors. This Act reflects the EU’s broader cybersecurity strategy, including the ambition to position the Union as a global leader in secure digital products.

Topics discussed in the white paper include:

• Goals of the act
• Key provisions of the act
• Five ways Armis helps
• Next steps after adoption