First announced by the European Commission (EC) in September 2022, the Cyber Resilience Act, once coming into force, will apply to all products directly or indirectly connected with another device or a shared network.
The Act sets out specific regulations on cybersecurity for the design, development, production, and sales of hardware and software products. Manufacturers will be required to assess the cybersecurity risk of their products, provide notifications, and take appropriate action to remediate issues throughout the product’s life or within its shelf life of at least five years.
In addition, companies must ensure greater transparency in the safety of hardware and software products for customers and business users. Companies also have a responsibility to report cyberattacks to authorities. Meanwhile, importers and distributors must verify that products comply with EU standards.
According to the President of Global Affairs at Google and Alphabet, Kent Walker, the number of cyber-attacks rose by 38% in 2022 and has become increasingly serious, so international cooperation is necessary to fight this threat. For Europe, cybersecurity is an urgent issue that must be resolved, as an estimated 230,000 pieces of malicious software are downloaded daily.
According to Vice President of the European Parliament (EP) Dita Charanzova, European elections can become a target for those spreading false information and cyber-attacks. With the risk of cyber-attacks becoming more common, with significant effects on political systems, Google opened Europe's largest cyber security centre.
In the context of large technology companies seeking to promote the provision of cloud computing services, including sensitive data, the EU is considering applying more stringent regulations to ensure network security. The European Union Agency for Cybersecurity (ENISA) draft said that Amazon, Google, Microsoft and other non-EU cloud computing service providers who want to obtain EU cybersecurity labels to process sensitive data will have to form a joint venture with a company based in the EU.
The draft states that tech giants participating in such a joint venture would only be allowed to hold a minority stake, while employees with access to EU data would have to undergo vetting. Additionally, the cloud computing service must be operated from the EU and all customer data must be stored and processed in the EU.
Aiming to create a “European Cyber Shield” to detect and counter cyber security threats, the EC adopted a proposal for a Cyber Solidarity Act to ensure all European citizens and businesses are well protected both online and offline while promoting an open, secure and stable cyberspace.
A key element of the proposal is to establish a pan-European infrastructure made up of cross-border and national Security Operations Centres across the EU. These centres are responsible for detecting and combating cyber threats using modern technology such as artificial intelligence (AI) or advanced data analysis.
Equipped with supercomputers and AI systems, these centres are expected to be deployed throughout the EU from early 2024, with a budget of 1.1 billion EUR and will work in symbiosis to prevent future cyber-attacks.