The EU Cyber Resilience Act is a new EU regulation which introduces mandatory requirements to securely design, develop, produce, and maintain products with digital elements. These products can be electronic devices, hardware or software and their components, including remote data processing solutions.
Cybersecurity is considered a matter of public interest due to the critical impact it can have on society. The two major problems the EU wants to address with this new regulation are a low level of cybersecurity in products, which often lack the ability to receive security updates to address identified vulnerabilities, and insufficient understanding of, or access to, information, which prevents individuals and organisations from choosing products with a good level of security.
While the EU has already introduced other regulations that cover cybersecurity, such as NIS2 and the Cybersecurity Act, neither of these has set mandatory requirements for the security of products. This is now being addressed with the Cyber Resilience Act.