19 Jul 2023

Reaction to the European Parliament’s and the Council’s positions on the Cyber Resilience Act

Today, the European Parliament and the Council respectively agreed on a common position on security requirements for digital products, marking the start of trilogue negotiations

DIGITALEUROPE’s Director-General Cecilia Bonefeld-Dahl said:

“Today’s votes move this important piece of legislation forward, but the issue remains that the Cyber Resilience Act aims to cover a very broad scope of products – including hardware and software – within a very short timeframe, while industry and governments are struggling with stretched cyber resources. Parliament’s and Council’s efforts to narrow down the scope go some way to solving this problem, notably with the exclusion of spare parts. However, more clarity is needed regarding software and the classification of ‘critical’ products. 

We appreciate Parliament’s balanced proposal on product security support. On the other hand, neither the Parliament nor the Council have acknowledged the huge cyber risks that would result from disclosing unpatched vulnerabilities – this will need serious reconsideration during trilogues. 

Crucially, to achieve practical results, we should maximise the use of the well-proven approach of self-assessment through harmonised standards. We’ll also need to give manufacturers and public authorities more time to prepare for the new framework, ideally 48 months considering the time it will take to develop the necessary standards. 

Taking the best out of the original proposal and the co-legislators’ amendments will be the main challenge ahead, but if done properly we are confident the CRA can be a game-changer for Europe’s cybersecurity.” 

For more information, please contact:
Samia Fitouri
Senior Communications Manager
Zoey Stambolliu
Senior Manager for Infrastructure & Security Policy
18 Sep 2023 resource
Adapting ENISA’s mandate and collaboration in a changing cyber landscape
14 Sep 2023 resource
DIGITALEUROPE’s response to the public consultation of European Supervisory Authorities on the first Batch of DORA’s Regulatory Technical Standards
11 Sep 2023 resource
Paving the way towards a collective response to cybersecurity challenges in Europe
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.