Digital Policy Alert logo

European Union: Implemented Regulation 2024/2847 on horizontal cybersecurity requirements for products with digital elements amending the Cyber Resilience Act (2020/1828)

Policy overview

Description

Implemented Regulation 2024/2847 on horizontal cybersecurity requirements for products with digital elements amending the Cyber Resilience Act (2020/1828)

On 11 December 2027, Regulation 2024/2847 on horizontal cybersecurity requirements for products with digital elements amending Regulations (EU) No 168/2013 and (EU) No 2019/1020 and the Cyber Resilience Act (2020/1828) enters into force. The EU Regulation (2024/2847) on the Cyber Resilience Act aims to enhance the cybersecurity of products with digital elements by establishing uniform cybersecurity requirements across the EU. The regulation applies to all products with digital elements, including hardware and software, that are placed on the EU market, excluding those covered by specific existing regulations such as medical devices and motor vehicles. Manufacturers must ensure that their products meet essential cybersecurity requirements throughout their lifecycle, from design to disposal. This includes conducting risk assessments, handling vulnerabilities, and providing secure updates. Compliance is demonstrated through internal controls or third-party assessments, with more stringent requirements for important and critical products, including European Cybersecurity Certification.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
supranational
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2022-03-16
in consultation

On 16 March 2022, the European Commission launched a public consultation for the Cyber Resilience A…

2022-05-25
processing consultation

On 25 May 2022, the European Commission closed the public consultation for the Cyber Resilience Act…

2022-09-15
under deliberation

On 15 September 2022, the European Commission introduced a proposal for the "Cyber Resilience Act" …

2023-07-19
under deliberation

On 19 July 2023, the Council of the European Union reached a common position on the proposed Cybers…

2023-11-30
under deliberation

On 30 November 2023, the Council of the European Union and the European Parliament reached a common…

2024-03-12
under deliberation

On 12 March 2024, the European Parliament adopted the text provisionally agreed on the regulation r…

2024-10-10
adopted

On 10 October 2024, the Council of the EU adopted the regulation on Cybersecurity Requirements for …

2024-12-10
in grace period

On 10 December 2024, the Cyber Resilience Act entered into force with a grace period. The Cyber Res…

2026-06-11
in force

On 11 June 2026, Regulation 2024/2847 on horizontal cybersecurity requirements for products with di…

2026-09-11
in force

On 11 September 2026, Regulation 2024/2847 concerning horizontal cybersecurity requirements for pro…

2027-12-11
in force

On 11 December 2027, Regulation 2024/2847 on horizontal cybersecurity requirements for products wit…