EU Cyber Resilience Act

New European Union (EU) cybersecurity rules are coming into force this year which will ensure the safer use of hardware and software. The new act has been known about for several years and first made an appearance in the 2020 EU cybersecurity strategy as well as the NIS2 framework.

The new act is being implemented to ensure that mandatory cybersecurity controls are put in place for all hardware and software products that are sold. The aim of the new rules is that any new smart device, system or other type of device with digital functionality or controls will be designed to have fewer security vulnerabilities.

The act builds upon the EU's security framework so that any new devices released to the market are protected from the moment they are turned on, and so that the manufacturers of the devices sold are held responsible for the products they release.

These changes should help to ensure that there is more support for products and that the chances of ransomware and malware are reduced as time goes on. Malware was on the rise in 2023, and if nothing is done about it, things are only going to get worse.

Manufacturers will now have to build products that are designed with security in mind and can be updated either via the internet or through some form of software update, thereby following the best practice known as security by design.

Manufacturers will have to ensure that any vulnerabilities which have been found and are being targeted by criminals are reported, and that products which have digital functionality have clear and concise instructions on their use.

This can only be good news for consumers and businesses alike and we should see improved support and reliability on devices moving forward.

For more information you can check out their policy at: https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act