Legal measures explained for businesses
with guides, checklists, templates; AI assisted
Observatory edited by Dr. V. Spataro



Dictionary entry, 2023-07-19 · Doc 97814
  

EU Cyber Resilience Act

abstract:


Document annotated on 19.07.2023. The text can be used to block software development in Europe instead of improving it. Industry operators are alarmed, and not only the producers of open source software. The balance between statements that already exist in the legal system and others that are new is not calibrated to the reality of the market, which is far more varied than the text assumes. In any case, the problem is not a lack of liability, but rather the presumption that extends even to parts of the supply chain that, under civil law, have nothing to do with the problems raised. SMEs are exposed to too much risk.

The text does not apply to medical devices, aviation and cars. The European institutions send a very bad signal by failing to regulate in the same way sectors that require at least the same attention.

Source: europa.eu
Link: https://digital-strategy.ec.europa.eu/en/policies/




text:


From baby-monitors to smart-watches, products and software that contain a digital component are omnipresent in our daily lives. Less apparent to many users is the security risk such products and software may present. 

The Commission’s proposal for a new Cyber Resilience Act (CRA) aims to safeguard consumers and businesses buying or using products or software with a digital component. The Act would see inadequate security features become a thing of the past with the introduction of mandatory cybersecurity requirements for manufacturers and retailers of such products, with this protection extending throughout the product lifecycle.

The problem addressed by the proposed regulation is two-fold. First is the inadequate level of cybersecurity inherent in many products, or inadequate security updates to such products and software. Second is the inability of consumers and businesses to currently determine which products are cybersecure, or to set them up in a way that ensures their cybersecurity is protected.

The proposed Cyber Resilience Act would guarantee:

  • harmonised rules when bringing to market products or software with a digital component;
  • a framework of cybersecurity requirements governing the planning, design, development and maintenance of such products, with obligations to be met at every stage of the value chain;
  • an obligation to provide duty of care for the entire lifecycle of such products.

When the proposed regulation enters into force, software and products connected to the internet would bear the CE marking to indicate they comply with the new standards. With manufacturers and retailers required to prioritise cybersecurity, customers and businesses would be empowered to make better-informed choices, confident of the cybersecurity credentials of CE-marked products.

The proposed regulation, announced in the 2020 EU Cybersecurity Strategy, would complement existing legislation, specifically the NIS2 Framework. It would apply to all products connected directly or indirectly to another device or network except for specified exclusions such as open-source software or services that are already covered by existing rules, which is the case for medical devices, aviation and cars.

The European Parliament and the Council will now deliberate on the proposed Cyber Resilience Act. Upon entry into force, stakeholders will have 24 months in which to adapt to new requirements, with the exception of a more limited 12-month grace period in relation to the reporting obligation on manufacturers.



Text of 2023-07-19. Source: europa.eu










Note: the dictionary is frequently updated with corrections and case law