Cyber Resilience Act: what it means for Technology & Digital

What the act does

to lay down a horizontal Union regulatory framework establishing comprehensive cybersecurity requirements for all products with digital elements. PROPOSED ACT: Regulation of the European Parliament and of the Council. ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council. BACKGROUND: hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of EUR 5.5 trillion by 2021. Such products suffer from two major problems adding costs…

Read the full Cyber Resilience Act explainer →

Why it matters for Technology & Digital

Digital and software companies are squarely in scope of the EU's new tech rulebook — AI, platform regulation, cybersecurity and data. These are the EU acts that most often apply.

Cyber Resilience Act sits in that rulebook because its subject matter covers cyber resilience. Whether — and how — it applies to a given business depends on that business’s activities, products and markets.

The rest of the Technology & Digital rulebook

• Council Regulation (EU) 2024/1732 of 17 June 202432024R1732
• Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act)32024R1689
• Regulation (EU) 2022/2065 on a Single Market For Digital Services (Digital Services Act)32022R2065
• Regulation (EU) 2022/1925 on contestable and fair markets in the digital sector (Digital Markets Act)32022R1925
• Regulation (EU) 2022/868 on European data governance (Data Governance Act)32022R0868
• Regulation (EU) 2023/2854 on harmonised rules on fair access to and use of data (Data Act)32023R2854

See all EU regulation for Technology & Digital →