European Union: Adopted Council general approach on Cyber Resilience Act including cybersecurity requirements for products with digital elements

On 19 July 2023, the Council of the European Union reached a common position on the proposed Cybersecurity Requirements for Products With Digital Elements (Cyber Resilience Act), which aim to establish mandatory cybersecurity requirements for products with digital components, such as connected home cameras, smart fridges, TVs, and toys. The Act outlines safety requirements that have to be met by products before they enter the market. The proposed Act will apply to all products connected to other devices or networks, except for those already covered by existing EU rules on cybersecurity, such as medical devices, aviation, or cars. The Council's common position aligns with the Commission's proposal, focusing on rules to hold manufacturers responsible for compliance with security requirements, vulnerability handling processes, transparency for consumers and business users, and market surveillance. In addition, the Council's text includes amendments regarding the scope of the legislation, reporting obligations, determination of product lifetime, support for small and micro enterprises, and a simplified declaration of conformity. With the agreement on the Council's common position, negotiations between the Council and the European Parliament will begin.