Cyber Resilience Act

13 march 2024

The regulation, already agreed with Council in December 2023, aims to ensure that products with digital features are secure to use, resilient against cyber threats and provide enough information about their security properties.

Important and critical products will be put into different lists based on their criticality and the level of cybersecurity risk they pose. The two lists will be proposed and updated by the European Commission. Products deemed to pose a higher cybersecurity risk will be examined more stringently by a notified body, while others may go through a lighter conformity assessment process, often managed internally by the manufacturers.

During the negotiations, MEPs made sure that products such as identity management systems software, password managers, biometric readers, smart home assistants and private security cameras are covered by the new rules. Products should also have security updates installed automatically and separately from functionality updates.

MEPs also pushed for the European Union Agency for Cybersecurity (ENISA) to be more closely involved when vulnerabilities are found and incidents occur. The agency will be notified by the member state concerned and receive information so it can assess the situation and, if it identifies a systemic risk, will inform other member states so they are able to take the necessary steps.

To emphasise the importance of professional skills in the cybersecurity field, MEPs also introduced education and training programmes, collaborative initiatives, and strategies to enhance workforce mobility in the regulation.

News archive

 

Firm news

giu30

30/06/2026

Intelligenza Artificiale 2026:Rapporto sull'Intelligenza Artificiale 2026: le principali trasformazioni tecnologiche, economiche e giuridiche legate allo sviluppo dei modelli di IA e il ruolo di AGCOM nel nuovo ecosistema digitale europeo

Pubblicato il Rapporto sull’Intelligenza Artificiale dell’Autorità per le Garanzie nelle Comunicazioni, che offre una ricostruzione organica delle principali trasformazioni tecnologiche,

giu12

12/06/2026

The European Data Protection Board welcomes comments on the Template for personal data breach notification.

The template is subject to a public consultation, providing stakeholders with the opportunity to share their comments and feedback on the content of the template. Following the public consultation, the

giu12

12/06/2026

Search engine delisting: When to act and what to do

Search engine providers play a crucial role in how personal data is disseminated online. Under the GDPR, individuals have the “right to be forgotten”—meaning they can request

Lawyer News

lug1

01/07/2026

Pannelli fotovoltaici, i nuovi criteri per l'autorizzazione paesaggistica

Le nuove priorità energetiche impongono

lug1

01/07/2026

Fisco e buste paga, flat tax del 5% estesa agli aumenti degli anni passati

Nuove istruzioni dall’Agenzia delle Entrate

lug1

01/07/2026

La Cassazione precisa gli effetti derivanti dall’exceptio non rite adimpleti contractus

<p>La <a href="https://onelegale.wolterskluwer.it/document/10SE0003182054"