Insights European Commission publishes consultation on new European Cyber Resilience Act

The Commission has launched a public consultation to gather the views and experiences of all relevant parties on the forthcoming European Cyber Resilience Act.

First announced by President von der Leyen in her State of the Union Address in September 2021, the Act seeks to establish common cybersecurity rules for digital products and associated services that are placed on the market across the EU. The results of the consultation will feed into the Commission’s proposal for legislation that is expected in the second half of 2022.

The Commission says that the Cyber Resilience Act will complement the existing EU legislative framework, which includes the NIS Directive (2016/1148/EU) and the Cybersecurity Act, as well as the upcoming Directive on measures for high common level of cybersecurity across the Union (NIS 2) that the Commission proposed in December 2020. The consultation will be open for 10 weeks, until 25 May 2022.

The Commission has also published a call for evidence on the problems currently identified and possible ways to address them. This call for evidence will be open for comments in parallel with the public consultation and will also run for ten weeks. To access the consultation and call for evidence, click here.