LONDON—In response to the European Union’s proposed Cyber Resilience Act, a broad cybersecurity regulation for smart devices that the European Commission introduced today, the Center for Data Innovation issued the following statement from Senior Policy Analyst Kir Nuthi:
The Cyber Resilience Act addresses gaps in the EU’s existing regulatory framework to improve cybersecurity in connected devices.
The EU has an opportunity to play a critical role in bolstering cybersecurity practices internationally as threats continue to grow and evolve. The Cyber Resilience Act could be a vital next step toward building the Digital Single Market by harmonizing cybersecurity practices across the EU.
Unfortunately, pursuing a horizontal framework that applies to a broad scope of digital products and non-embedded software could be a misstep. Such overbroad rules could impose high compliance costs and could prove too inflexible to evolve with technological advancements.
Tailored amendments that minimize the compliance burden and incentivize continued innovation in cybersecurity will help promote cybersecurity standards and advancements for decades to come. An adjusted Cyber Resilience Act will ensure that future-focused, objective-oriented, and technology-neutral regulation remains the focus.
An approach that acknowledges sectoral differences in cybersecurity needs and regulates each sector most efficiently can minimize compliance costs and effectively tackle cybersecurity risks.