Brussels – European Union lawmakers made progress this week towards mandating stronger cybersecurity measures for internet-connected devices used by millions of Europeans daily.
On Thursday evening, the European Parliament and European Council struck an informal agreement on the Cyber Resilience Act, proposed legislation that aims to secure digital products against cyberattacks. The bill would require makers of products with digital features to ensure they are resilient against hackers, provide transparency around their security, and issue regular software updates.
“The Cyber Resilience Act will strengthen the cybersecurity of connected products, tackling vulnerabilities in hardware and software alike, making the EU a safer and more resilient continent,” said Nicola Danti, the lead MEP negotiating the bill.
The law would designate certain product categories based on their criticality and cyber risk. Items like biometric readers, smart home assistants, and private security cameras would join the list under parliament’s amendments.
For covered devices, security patches would have to be installed automatically without user action “when technically feasible,” according to negotiators. The European Union Agency for Cybersecurity (ENISA) would also take on an expanded role in informing member states of widespread vulnerabilities.
Danti said the bill balances security and innovation by supporting small businesses and open source developers. “Only together will we be able to tackle successfully the cybersecurity emergency that awaits us in the coming years,” he warned.
The provisional Cyber Resilience Act deal still requires formal approval. But its architects hope sturdier digital product mandates can help Europeans avoid cyber headaches, as connected devices continue proliferating through daily life.