The Center for Data Innovation (Transparency Register #: 367682319221-26) is pleased to submit this feedback on the European Commission’s consultation and call for evidence regarding the Cyber Resilience Act initiative. The Cyber Resilience Act initiative seeks to work in conjunction with existing legislation, like the Cybersecurity Act and the Directive on the security of Network Information Systems, to improve cybersecurity by addressing gaps in the existing regulatory framework for digital products and services.
We would like to commend the European Union (EU) for focusing on the growing threat of cybersecurity incidents. In 2020, global cybercrime cost €5.5 trillion, and global cybercrime is predicted to cost $10.5 trillion by 2025. As cybersecurity vulnerabilities continue to grow, the EU can play an important role in bolstering cybersecurity practices.
The Commission has outlined five broad policy options it is considering at this stage. In response to the Commission’s call for evidence for its impact assessment, the following discusses these options as well as their potential benefits and drawbacks. We caution against both maintaining the status quo or pursuing broad horizontal regulation and offer suggestions on how the Commission may pursue the other options.