Interplay of the CRA with Cybersecurity Certification Requirements Enacted in Other Vertical Legislation (NIS, CSA,…) (B12b)
The proposal for an EU regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act (CRA), aims at ensuring common cybersecurity requirements for placing tangible ICT products and software on the European market. The proposal would provide a more resilient EU market by addressing products’ development and lifecycle. Existing pieces of legislation (NIS Directive, CSA, Chips Act and even the GDPR) have already been supporting this trend, providing tools to develop certification schemes, risk assessments, development methodology and harmonized standards. The CRA will, however, enact mandatory cybersecurity principles for market access. The CRA will definitively challenge the current EU cybersecurity approach through renewed market surveillance and the necessary development of harmonized standards and schemes to supervise the European market. Will the CRA be an added value for market resilience, or will it simply bring more complexity for product developers?