The new EU Cyber Resilience Act will mark a milestone by regulating the cybersecurity of all digital products, focusing on improving cyber protection from the initial design phase of these products. This new legislation, a first in its field, seeks to establish stricter and more homogeneous rules to protect critical infrastructures and sensitive data against cyberattacks. With the increase in cyber threats and the growing dependence on technology, the Cyber Resilience Act is a fundamental step to guarantee the integrity and operational continuity of digital systems in the EU. S2 Group, a company specialized in cybersecurity and cyber intelligence, has stressed that this measure will address one of the main problem faced by most devices: the lack of design with cybersecurity criteria, known as "security by design".

This has resulted in numerous vulnerabilities that could be exploited by attackers to gain access to local networks.

"In addition to the need to create cyber-secure products from the earliest design phase, companies must take into account that failure to comply with the requirements established by this law is subject to fines of between 10 and 15 million euros or up to 2 or 2.5% of their annual turnover," said José Rosell, founding partner and CEO of S2 Group.

New Cyber Resilience Law

This regulation includes a 3-year adaptation period, and according to S2 Group experts, these are the 10 keys to the new Cyber Resilience Law:

  1. It covers all devices connected to the network or to other devices.
  2. It sets cybersecurity standards for the design, development and production of digital products, with obligations for economic operators and rules for market surveillance and enforcement.
  3. It imposes essential requirements for vulnerability management by manufacturers, ensuring the cybersecurity of products throughout their life cycle, with an obligation to report vulnerabilities and incidents.
  4. Member States shall designate a notifying authority to supervise the assessment and notification procedures of conformity assessment bodies.
  5. It ensures that consumers have adequate information about the cybersecurity of the products they purchase and use.
  6. It requires manufacturers to provide security support and software updates to resolve identified vulnerabilities.
  7. It requires the incorporation of essential cybersecurity requirements into all stages of the product life cycle, including design, development, production, delivery and maintenance.
  8. Manufacturers must actively report vulnerabilities and incidents, provide security updates for at least 5 years, and effectively manage risks.
  9. It requires documentation of all cybersecurity risks associated with products.
  10. It establishes that products with digital elements must have clear, understandable instructions and a conformity assessment.