Commission President Ursula von der Leyen, in her State of the Union address on 15 September 2021, stated that she wanted to make the EU a leader in cybersecurity, in particular through a new law, the Cyber Resilience Act.
This text aims to establish new cybersecurity rules for “digital products and ancillary services,” in line with the “EU’s Cybersecurity Strategy for the Digital Decade” of 16 December 2020. The Cyber Resilience Act is intended to complement existing legislation on the subject, in particular the NIS Directive (currently under revision) and the 2019 EU Cybersecurity Act.
On 25 April 2022, the European Commission presented a first version of the Cyber Resilience Act for public review and consultation. The text has three main objectives:
- Ensuring a consistently high level of cyber security of digital products throughout their whole life cycle;
- Aiming to enable users to match security properties of such products against their needs, especially through enhancing the transparency of cybersecurity features;
- Improving the functioning of the internal market by levelling the playing field for sellers of digital products.