Standardisation in the area of Cybersecurity

Topic description

ExpectedOutcome:

• Organization of events, workshops, stakeholder consultations, and production of white papers, all fostering the development of harmonised standards and conformity with requirements stemming from above mentioned legislative framework.
• Support for participation of relevant European experts in European and international cybersecurity standardization fora.

The objective of this topic is to support further standardisation in the area of cybersecurity, notably in view of the implementation of the proposed Regulation on the Cyber Resilience Act (CRA), in particular with a view to improving the awareness and engage stakeholders in such standardisation work.

The aim is to ensure wide stakeholder participation in standardisation activities in the area of cybersecurity, and in particular in relation to development of harmonized standards facilitating the implementation of the Cyber Resilience Act. This can be in the form of meetings, workshops and collaborative activities, involving the private as well as the public sector.

The Cyber Resilience Act (CRA) proposal aims to improve the internal market’s functioning by mandating that all products with digital elements (hardware and software) will only be made available on the market if they meet specific essential cybersecurity requirements. In order to facilitate the implementation of the CRA, harmonised standards would be developed, which, if followed, would trigger the presumption of conformity with the CRA essential cybersecurity requirements to which they correspond. This will be complementary to actions by the National Coordination Centres, which will play a key role in reducing negative cross-border spillovers and subsequent costs to society to mitigate the risks associated with non-secure products.