Brussels, 16 September 2022 – TIC Council welcomes the Commission's proposal for a Cyber Resilience Act, which aims to establish harmonised baseline requirements for a wide range of devices connected to the Internet. The proposal constitutes a good first step towards a more cyber-resilient single market.
Announced a year ago by the European Commission’s President, Ursula von der Leyen, the Cyber Resilience Act was finally published on Thursday 15 September 2022. It aims to improve the security of the European and global digital space, as well as to raise cybersecurity awareness of European consumers. In light of "an estimated annual global cost of cybercrime of €5.5 trillion in 2021", the independent TIC industry supports regulatory intervention that will contribute to making the European Union a leader in cybersecurity.
To achieve these goals, the Commission's proposal to introduce minimum cybersecurity requirements will apply to a wide range of products with a digital element, divided into different product categories. While products will all be subject to similar essential requirements, the conformity assessment procedure will differ depending on the risk classification of the product. However, it is estimated that 90% of the products subject to the Regulation, even if subject to new rules, will still be assessed by the companies that manufacture them, leaving on the market a certain number of devices that can pose risks to consumers’ safety and security. In addition, the Cyber Resilience Act provides for further rules, including obligations that apply throughout the lifecycle of these products to ensure a continuous level of security, even after they are placed on the market.
TIC Council remains concerned about certain key elements of the text. The nature of IoT environments, where products with digital elements can collect, store, and share data, complicates what we traditionally think of as "low risk". European lawmakers must therefore ensure that any room for interpretation or legislative loopholes is closed and should favour conformity assessment by bodies that are independent of the product developer.
The TIC sector has the necessary impartiality, experience, expertise in personnel and technical capacity to verify all types of new technologies through penetration testing, calculations, remote or onsite inspections and other specialised services. The TIC sector has longstanding experience in offering services related to security and privacy.
As the proposal states, "Any compliance costs for businesses would be outweighed by the benefits brought by a higher level of security of products with digital elements and ultimately an increase of trust of users in these products."
Should you wish to further discuss the topic, please directly contact: