The legislation outlines cybersecurity prerequisites for the design, development, production and sale of hardware and software products. Credit: Shutterstock/ Panya_photo.

EU member states and lawmakers reached a consensus on Thursday regarding cybersecurity regulations aimed at fortifying laptops, refrigerators, mobile apps and internet-connected smart devices against cyber threats.

The decision comes in response to a surge in global cyberattacks and ransom demands in recent years.

The Cyber Resilience Act, initially proposed by the European Commission in September 2022, is set to affect all products linked either directly or indirectly to other devices or networks.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

The legislation outlines cybersecurity prerequisites for the design, development, production and sale of both hardware and software products.

Manufacturers must now evaluate the cybersecurity risks associated with their products, issue declarations of conformity and quickly address issues throughout the anticipated lifespan of the product, or for a minimum of five years.

They are also required to enhance transparency regarding the security of their hardware and software products for both consumers and business users, in addition to reporting any cyber incidents to national authorities. Importers and distributors must ensure that products align with EU regulations.

Jose Luis Escriva, the Spanish Minister of Digital Transformation, emphasised the importance of providing connected devices with a fundamental level of cybersecurity when sold in the EU.

“Connected devices need a basic level of cybersecurity when sold in the EU, ensuring that businesses and consumers are properly protected against cyber threats,” he said.

This measure aims to ensure that businesses and consumers are adequately shielded against potential cyber threats.

The European Commission has asserted that adherence to these cybersecurity rules could result in annual savings of up to €290bn ($316bn) for companies, compared with estimated compliance costs of around €29bn.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

In October this year, the US led 40 countries in an alliance against paying ransomware, following reports that it was pressuring the countries against paying ransoms earlier this October

The alliance comes after the US stated that the number of ransomware cyberattacks has increased worldwide, with the US facing around 46% of those attacks. 

According to the UK Information Commissioner’s Office, there were more than 1,420 reported incidents of malware, ransomware and phishing targetting public bodies in the first half of 2023, a large jump from 855 incidents over the same period last year.

Earlier this week, the UK’s National Cyber Security Centre published new guidelines for secure artificial intelligence system development, together with the US Cybersecurity and Infrastructure Security Agency and 21 other international agencies.