On November 30, 2023, the European Parliament and Council announced they had reached an agreement on the Cyber Resilience Act. Initiated in September 2022, the European bill aims to strengthen the cybersecurity of connected objects. It will thus complement the NIS2 Directive, without encroaching on its jurisdiction.
The compromise passed by Parliament and Council retains the European Commission’s proposal, in essence. Among the most significant amendments:
- a simplified method for categorizing the digital goods covered by the bill;
- a shorter duration of requirements (five years, by default) for products with shorter lifespans;
- mandatory reporting to relevant national authorities first and foremost, upon discovery of vulnerabilities.
José Luis Escrivá, the Spanish Minister of Digital Transition, sees the agreement as “a significant step towards a safe and secure single digital market in Europe.” The compromise paves the way for a definitive Cyber Resilience Act, which should be voted on by member States in the coming weeks.