On 3 March, FEM finalised a position paper on the Cyber Resilience Act. In the position paper, FEM welcomes the European Commission’s proposal for a Cyber Resilience Act as a crucial step towards ensuring the cybersecurity of products with digital elements in the European Union.
The Cyber Resilience Act will impact all FEM equipment containing digital elements, such as all equipment with autonomous guide functions and all products including telematics devices allowing to send out and receive data.
Because of this, FEM calls on policymakers to take into account the interests of all the sectors that will be impacted by the upcoming Regulation and sets out recommendations to ensure that the proposed measures will strengthen cyber resilience without impeding European innovation and competitiveness.
FEM calls on policymakers to:
- Redefine the scope of the Cyber Resilience Act based on actual risk and define the cyber risk of a product depending on its direct or indirect connection to a network
- Align the reporting obligations of manufacturers with the timeframes set out in the revised Network Information and Security Directive (NIS 2)
- Extend the transition period to at least 48 months
- Rephrase essential cybersecurity requirements in accordance to the New Legislative Framework
- Provide a more detailed list of the products that classify as ‘critical’
- Avoid overlaps with other EU legislation, particularly the Radio Equipment Directive Delegated Act and the revised Network and Information Security Directive
Download the paper here.