Required cookies

This website uses cookies necessary for its operation in order to provide the user with content and certain functionalities (e.g. language selection). You have no control over the use of these cookies.

Website visitor statistics

We collect visitor statistics on the use of the site. The data is not personally identifiable and is only stored in the Matomo visitor analytics tool managed by CSC.

By accepting visitor statistics, you allow Matomo to use various technologies, such as analytics cookies and web beacons, to collect statistics about your use of the site.

Change your cookie choices and read more about visitor statistics and cookies


Cybersecurity regulation in general and Cyber Resilience Act in particular must be effective while not hampering the cost-efficiency and usability of the products and solutions or competitiveness of the companies. In particular, regulation must avoid creating unreasonable obligations for innovative European start-up companies which face tough competition in terms of time-to-market. A risk-based approach must be adopted, setting the security requirements based on the criticality of the product or solution to make the burden on the developers of non-critical products and solutions as light as possible.

The governance mechanism of the cybersecurity of digital products and solutions must be based on existing international information security standards and on information security certifications based on accredited audits practices (e.g. ISO/IEC 27001) as well as penetration testing procedures and frameworks (e.g. OWASP-10). The procedures and measures must ensure cybersecurity throughout the lifecycle of the product or solution, including product development, product support and updates, customer service and after-sales service.

With cybersecurity becoming a more relevant issue than ever, it is essential to ensure that it is governed with an efficient and effective regulatory framework that is up to date and fit for purpose. It is particularly important to develop legislation at EU and at national level in a coordinated manner to make sure that regulation does not contain incoherences, overlaps or loopholes. Regulation must avoid creating excessive administrative burden or barriers for the development of the digital single market.