Skip to main content
Shaping Europe’s digital future
Press release | Väljaanne

New EU cybersecurity rules ensure more secure hardware and software products

The Commission presented yesterday a proposal for a new Cyber Resilience Act to protect consumers and businesses from products with inadequate security features.

EU Cyber Resilience Act - For safer and more secure digital products

© European Union

A first ever EU-wide legislation of its kind, it introduces mandatory cybersecurity requirements for products with digital elements, throughout their whole lifecycle.

The Act, announced by President Ursula von der Leyen in September 2021 during her State of the European Union address, and building on the 2020 EU Cybersecurity Strategy and the 2020 EU Security Union Strategy, will ensure that digital products, such as wireless and wired products and software, are more secure for consumers across the EU: in addition to increasing the responsibility of manufacturers by obliging them to provide security support and software updates to address identified vulnerabilities, it will enable consumers to have sufficient information about the cybersecurity of the products they buy and use.

Thierry Breton, Commissioner for the Internal Market, said:

When it comes to cybersecurity, Europe is only as strong as its weakest link: be it a vulnerable Member State, or an unsafe product along the supply chain. Computers, phones, household appliances, virtual assistance devices, cars, toys… each and every one of these hundreds of million connected products is a potential entry point for a cyberattack. And yet, today most of the hardware and software products are not subject to any cyber security obligations. By introducing cybersecurity by design, the Cyber Resilience Act will help protect Europe's economy and our collective security.

Read the full press release.

Related content

Cyber Resilience Act

Policy and legislation | 15 September 2022

The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products.

Cyber Resilience Act - Factsheet

Factsheet / infographic | 15 September 2022

The Cyber Resilience Act introduces mandatory cybersecurity requirements for hardware and software products, throughout their whole lifecycle.