This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Welcome to Reed Smith's viewpoints — timely commentary from our lawyers on topics relevant to your business and wider industry. Browse to see the latest news and subscribe to receive updates on topics that matter to you, directly to your mailbox.
| less than a minute read

The European Cybersecurity Framework - Keeping you informed here

The next piece of the puzzle is almost ready to fit into the EU cybersecurity framework. On November 30, the EU Council and Parliament reached an agreement on the EU Cyber Resilience Act (CRA), which will introduce uniform cybersecurity requirements for products with digital elements. Similar to other acts of the EU Data Strategy, the CRA aims to create responsibility for manufacturers and transparency for consumers and businesses. There will also be a vulnerability handling process.

While simplifying the scope of the CRA and adding a three-year grace period, the agreement reached by the EU Council and the EU Parliament amended the EU Commission's proposal by adding that the support period for products must be at least five years, and there will be a reporting obligation for exploited vulnerabilities and incidents.

The final draft is expected in the next weeks, once the details have been finalized. 

We will update you here on the developments of the European Cybersecurity Framework.

Cyber resilience act: Council and Parliament strike a deal on security requirements for digital products The Council presidency and the European Parliament’s negotiators have reached a provisional agreement on the proposed legislation regarding cybersecurity requirements for products with digital elements, which aims to ensure that products such as connected home cameras, fridges, TVs and toys are safe before they are placed on the market (cyber resilience act).


european data strategy, cybersecurity, cyber resilience act, nis2, emerging technologies