Brussels, 16 March 2022
Today, the Commission launched a public consultation to gather the views and experiences of all relevant parties on the forthcoming European Cyber Resilience Act. First announced by President von der Leyen in her State of the Union Address in September 2021, the Act seeks to establish common cybersecurity rules for digital products and associated services that are placed on the market across the European Union. The results of the public consultation will feed into the Commission’s proposal for legislation that is expected in the second half of this year.
Thierry Breton, Commissioner for Internal Market, said:
“To face today’s diverse and sophisticated cyber-attacks we need advanced technology, secure infrastructure, and increased operational cooperation, as well as a common approach on cybersecurity benchmarks for products and services. We are looking forward to receiving input from all interested citizens and organisations to help us shape the new Cyber Resilience Act that will become a key part of the European strategic, policy and legislative framework in cybersecurity.”
The Cyber Resilience Act will complement the existing EU legislative framework, which includes the Directive on the security of Network and Information Systems (NIS Directive) and the Cybersecurity Act, as well as the future Directive on measures for high common level of cybersecurity across the Union (NIS 2) that the Commission proposed in December 2020. The public consultation will be open for the coming 10 weeks, until 25 May 2022. In addition, the Commission has published a call for evidence to create an overview of the problems currently identified and possible ways to address them. The call for evidence will be open for comments in parallel with the public consultation, also for 10 weeks.