EU Council and Parliament Reach Agreement on Cyber Resilience Act

The Cyber Resilience Act, the EU's upcoming legislation to boost the security of digital products, is now only one step away from being officially adopted.
After days of debate within EU institutions, the European Parliament and the EU Council reached a political agreement on the legislation on December 3.
First proposed by the EU Commission in September 2022, the CRA aims to introduce security requirements for connected device manufacturers within the Union.
One key requirement in the CRA is the mandate for manufacturers of Internet of Things (IoT) devices and other connected objects to report serious cyber incidents and actively exploited vulnerabilities that have not yet been patched.
This is the first time such a requirement is being imposed by a transversal, sector-agnostic law.
Manufacturers will have to conduct a risk assessment to determine which security requirements apply to their product.
They will have to provide support for at least five years unless the product has a shorter expected lifetime.
Any security update provided during that support period should remain available for either 10 years or the remainder of the support period, whichever is longer.
Manufacturers will be able to self-assess their compliance with the security requirements mentioned in the text.
The agreement is now subject to formal approval by the European Parliament and the Council.
Once adopted, the CRA will enter into force on the 20th day following its publication in the EU's Official Journal.
Organizations affected by the CRA will then have 36 months to adapt to the new requirements, except for a more limited 21-month grace period related to the reporting obligation of manufacturers for incidents and vulnerabilities.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Mon, 04 Dec 2023 13:01:10 +0000

