Today, the EU Commission presented the “Cyber Resilience Act”, draft legislation which would oblige manufacturers of products “with digital elements” to guarantee cyber security throughout the entire product life cycle. This way, the Commission wants to ensure that digital products are designed more securely from the beginning of the devices’ life cycle and contain fewer vulnerabilities in order to be better equipped against cyber attacks.
MEP Dr Patrick Breyer (Pirate Party) comments on the draft:
“Because in the age of the digital revolution our security and our lives are threatened by insecure technology, the Pirates believe it is overdue to finally hold commercial manufacturers accountable. At first glance, however, today’s proposal falls short in some places and goes too far in others:
On the one hand, there is a lack of a clear obligation for commercial manufacturers to immediately fix known security gaps. Commercial manufacturers must be held liable for self-inflicted security loopholes in order to make IT security financially worthwhile! On the other hand, the voluntary development of free software is threatened because the same requirements are to be placed on commercial producers and on volunteers.
This proposal is immature and needs to be revised.”