The draft regulation introduces mandatory cybersecurity requirements for the design, development, production and making available on the market of hardware and software products to avoid overlapping requirements stemming from different pieces of legislation in EU member states.

The proposed regulation will apply to all products that are connected either directly or indirectly to another device or network. There are some exceptions for products, for which cybersecurity requirements are already set out in existing EU rules, for example on medical devices, aviation, or cars.

The proposal aims to fill the gaps, clarify the links, and make the existing cybersecurity legislation more coherent by ensuring that products with digital components, for example ‘Internet of Things’ (IoT) products, become secure throughout the whole supply chain and throughout their whole lifecycle.

Finally, the proposed regulation also allows consumers to take cybersecurity into account when selecting and using products that contain digital elements by providing users the opportunity to make informed choices of hardware and software products with the proper cybersecurity features.

[continue reading on the source web page]