
Discover the new Cyber Resilience Act presented by the European Commission

Cyber Policy - 15th September 2022

New Cyber Resilience Act presented by the European Commission

ECSO warmly welcomes the European Commission’s proposal of the Cyber Resilience Act (CRA). This regulation sets another important milestone for the resilience of all digital products sold in the European internal market.


As the first ever EU-wide legislation of its kind, it introduces mandatory cybersecurity requirements for products with digital elements, throughout their whole lifecycle. The cross-sectorial proposal will strengthen the security of all digital products from hardware to embedded and non-embedded software, including ancillary services. Provisions on vulnerability handling will make supply chains more robust and save European companies and consumers several billion euros.


The proposed Cyber Resilience Act would guarantee:

  • harmonised rules when bringing to market products or software with a digital component;
  • a framework of cybersecurity requirements governing the planning, design, development and maintenance of such products, with obligations to be met at every stage of the value chain;
  • an obligation to provide duty of care for the entire lifecycle of such products.


Margaritis Schinas, Vice-President of the European Commission for Promoting our European Way of Life, said: “The Cyber Resilience Act is our answer to modern security threats that are now omnipresent through our digital society. The EU has pioneered in creating a cybersecurity ecosystem through rules on critical infrastructure, cybersecurity preparedness and response, and the certification of cybersecurity products. Today, we are completing this ecosystem through an Act that brings security in everyone's home, in all our businesses and in every product that is interconnected. Cybersecurity is a matter for society, no longer an industry affair.”

Thierry Breton, Commissioner for the Internal Market, said: “When it comes to cybersecurity, Europe is only as strong as its weakest link: be it a vulnerable Member State, or an unsafe product along the supply chain. Computers, phones, household appliances, virtual assistance devices, cars, toys… each and every one of these hundreds of million connected products is a potential entry point for a cyberattack. And yet, today most of the hardware and software products are not subject to any cyber security obligations. By introducing cybersecurity by design, the Cyber Resilience Act will help protect Europe's economy and our collective security.”





Source and photo credits: European Commission