EU policymakers paved the way for cybersecurity law for connected devices

 

The second interinstitutional negotiation on the Cyber Resilience Act set the framework for a political agreement expected later this month. However, the controversial issue of who should receive sensitive vulnerability information is still to be fully settled.

The Cyber Resilience Act is a draft law introducing security requirements for connected devices. The file is at the last stage of the legislative process, so-called trilogues between the EU Commission, Parliament and Council.

On Wednesday (8 November), the second political trilogue endorsed the aspect of the support period through which security patches will have to be guaranteed and provided some guidance for the technical level to work on compromises for two sticking points of the bill: the reporting obligations and critical products. (...)