The proposed law regulates cybersecurity requirements for a wide range of digital products and related ancillary services. The subject of the law is tangible digital (wireless and wired) products and non-embedded software in their entire life cycle. Thus, the act covers hardware and software equally. As a horizontal piece of legislation, the act selectively complements existing cybersecurity regulations such as the Cyber Security Act (Regulation (EU) 2019/881) or Delegated Regulation (EU) 2022/30.
The legislative initiative defines the following three main objectives:
- “Firstly, it aims to enhance and ensure a consistently high level of cybersecurity of digital products and ancillary services.
- Secondly, it aims to enable users to match the security properties of such products against their needs, including by enhancing the transparency of cybersecurity features. This would protect users from insecure digital products and ancillary services, and incentivise vendors to offer more secure products, thus increasing the trust in the digital single market.
- Third, it seeks to improve the functioning of the internal market by levelling the playing field for vendors of digital products and ancillary services.”
The legislative initiative is based on the so-called New Legislative Framework (NLF). According to this, the law is to define the basic cybersecurity requirements, which will be concretised by (legally non-binding) harmonised standards for the various product categories. In addition, the act introduces obligations for economic operators as well as provisions on conformity assessment, notification of conformity assessment bodies and market surveillance.
This initiative once again underlines the increasing importance of cybersecurity as a target in product regulation. After all, cybersecurity has a significant impact on product safety. Whether this law will actually achieve a higher level of protection and what concrete additional obligations it will impose on economic operators remains to be seen.
For further details: Wiebe, InTeR 2021, 66 et seq. (available here); Schucht, NVwZ 2021, 532 et seq.
Do you have any questions about this news, or would you like to discuss the news with the authors? Please contact: Dr. Gerhard Wiebe