COCIR Statement - EU Cyber Resilience Act proposals

COCIR welcomes the European Commission’s proposal on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020 (referred to as Cyber Resilience Act) and its aim to “increase the overall level of cybersecurity of all products with digital elements” by introducing “essential cybersecurity requirements”[1], while recognizing the importance to avoid excessive regulations in already heavily regulated markets where the strictest provisions for cybersecurity are already present. 

COCIR also welcomes the practical approach taken by the Commission in its proposal for the Cyber Resilience Act towards product compliance procedures under this Regulation, replication of market surveillance principles following validated principles of sectorial legislations for highly regulated sectors, such as medical devices to remedy non-compliance.

However, some further discussions with stakeholders will be needed to define more clearly some qualifying factors for currently broadly described processes and procedures, timelines, rules to apply for exceptions under the Cyber Resilience Act, and other elements of the proposed horizontal framework so that the ultimate goal of the overall increase of the cybersecurity in the EU is achieved.