Cyber Resilience Act

13 march 2024

The regulation, already agreed with Council in December 2023, aims to ensure that products with digital features are secure to use, resilient against cyber threats and provide enough information about their security properties.

Important and critical products will be put into different lists based on their criticality and the level of cybersecurity risk they pose. The two lists will be proposed and updated by the European Commission. Products deemed to pose a higher cybersecurity risk will be examined more stringently by a notified body, while others may go through a lighter conformity assessment process, often managed internally by the manufacturers.

During the negotiations, MEPs made sure that products such as identity management systems software, password managers, biometric readers, smart home assistants and private security cameras are covered by the new rules. Products should also have security updates installed automatically and separately from functionality updates.

MEPs also pushed for the European Union Agency for Cybersecurity (ENISA) to be more closely involved when vulnerabilities are found and incidents occur. The agency will be notified by the member state concerned and receive information so it can assess the situation and, if it identifies a systemic risk, will inform other member states so they are able to take the necessary steps.

To emphasise the importance of professional skills in the cybersecurity field, MEPs also introduced education and training programmes, collaborative initiatives, and strategies to enhance workforce mobility in the regulation.

News archive

 

Firm news

lug13

13/07/2026

Google Android: the Court of Justice upholds Google’s fine of around €4.1 billion

Judgment of the Court of Justice of the EU in Case C-738/22 P | Google and Alphabet v Commission   The appeal brought by Google and its parent company Alphabet against the judgment of the General

lug13

13/07/2026

Judgment of the General Court in Joined Cases T-1079/23, T-1080/23 | Apple v Commission and T-214/24 Apple and Apple Distribution International v Commission

Digital services: the General Court of the EU dismisses Apple’s actions regarding its designation as a gatekeeper in relation to the App Store and iOS The General Court also rules that

lug13

13/07/2026

Opinion of the Advocate General in Cases C-535/25 | Amazon Italia Logistica, C-536/25 | Amazon Italia Services and C-537/25 | Amazon Italia Transport

According to Advocate General Campos Sánchez-Bordona of the Court of Justice of the European Union, companies in the Amazon group provide postal services in Italy Consequently, the requirement