Digital Policy Alert logo

European Union: Introduced Cyber Resilience Act containing cybersecurity requirements

Policy overview

Description

Introduced Cyber Resilience Act containing cybersecurity requirements

On 15 September 2022, the European Commission introduced a proposal for the "Cyber Resilience Act" to the Council and European Parliament. The Act aims to establish common cybersecurity rules for digital products and related services that are placed on the market across the European Union. Particularly, the Act introduces cybersecurity rules for developing, designing, producing and selling products with digital elements (i.e., wireless and wired products and software) across their entire lifecycle. Finally, the Act introduces a taxonomy composed of "default" products (requiring only a self-assessment), "Critical Class I products" (requiring the application of a standard or a third-party assessment) and "Critical Class II products" (requiring a third-party assessment).

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
supranational
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2022-03-16
in consultation

On 16 March 2022, the European Commission launched a public consultation for the Cyber Resilience A…

2022-05-25
processing consultation

On 25 May 2022, the European Commission closed the public consultation for the Cyber Resilience Act…

2022-09-15
under deliberation

On 15 September 2022, the European Commission introduced a proposal for the "Cyber Resilience Act" …

2023-07-19
under deliberation

On 19 July 2023, the Council of the European Union reached a common position on the proposed Cybers…

2023-11-30
under deliberation

On 30 November 2023, the Council of the European Union and the European Parliament reached a common…

2024-03-12
under deliberation

On 12 March 2024, the European Parliament adopted the text provisionally agreed on the regulation r…

2024-10-10
adopted

On 10 October 2024, the Council of the EU adopted the regulation on Cybersecurity Requirements for …

2024-12-10
in grace period

On 10 December 2024, the Cyber Resilience Act entered into force with a grace period. The Cyber Res…

2026-06-11
in force

On 11 June 2026, Regulation 2024/2847 on horizontal cybersecurity requirements for products with di…

2026-09-11
in force

On 11 September 2026, Regulation 2024/2847 concerning horizontal cybersecurity requirements for pro…

2027-12-11
in force

On 11 December 2027, Regulation 2024/2847 on horizontal cybersecurity requirements for products wit…