Texts adopted - Cyber Resilience Act - Tuesday, 12 March 2024
– having regard to Article 294(2) and Article 114 of the Treaty on the Functioning of the European Union, pursuant to which the Commission submitted the proposal to Parliament (C9‑0308/2022),
– having regard to the provisional agreement approved by the committee responsible under Rule 74(4) of its Rules of Procedure and the undertaking given by the Council representative by letter of 20 December 2023 to approve Parliament’s position, in accordance with Article 294(4) of the Treaty on the Functioning of the European Union,
2. Approves the joint statement by Parliament, the Council and the Commission annexed to this resolution, which will be published in the C series of the Official Journal of the European Union ;
3. Calls on the Commission to refer the matter to Parliament again if it replaces, substantially amends or intends to substantially amend its proposal;
(1) Cybersecurity is one of the key challenges for the Union. The number and variety of connected devices will rise exponentially in the coming years. Cyberattacks represent a matter of public interest as they have a critical impact not only on the Union’s economy, but also on democracy, consumer safety and health. It is therefore necessary to strengthen the Union’s approach to cybersecurity, address cyber resilience at Union level and improve the functioning of the internal market by laying down a uniform legal framework for essential cybersecurity requirements for placing products with digital elements on the Union market. Two major problems adding costs for users and society should be addressed: a low level of cybersecurity of products with digital elements, reflected by widespread vulnerabilities and the insufficient and inconsistent provision of security updates to address them, and an insufficient understanding and access to information by users, preventing them from choosing products with adequate cybersecurity properties or using them in a secure manner.
