CECE issues a position paper on the Cyber Resilience Act
CECE welcomes the European Commission’s proposal for a regulation on the Cyber Resilience Act (CRA). The draft proposal aims at establishing essential cybersecurity requirements related to products’ properties and vulnerability handling, while introducing a number of obligations for manufacturers of connected digital products.
We represent the construction mobile machinery industry, including manufacturers of connected digital products intended for integration into final machines either by the manufacturer itself or by the user as aftermarket solutions.
In our position paper, we stress that, even today, the construction equipment sector is already committed to addressing cybersecurity risks, although the number of cyber-attacks targeting our products remains limited.
CECE is concerned about the in-scope products and perceives timeframe-related issues in consideration of the proposed transition period, the availability of harmonised standards, the time needed for manufacturers to adapt to the new requirements and the accreditation of notified bodies. To address these aspects, we highlight a number of key recommendations:
- Narrow down the scope only to connected digital products
- Clarify that default category products embedding critical components are not classified critical as per Annex III
- Exclude from the CRA scope connected digital products placed on the market before the CRA application date and related spare parts
- Allow the smooth and timely development of standardisation activities
- Extend the transition period to 5 years before the CRA applies
- Amend Annex I to ensure legal certainty on manufacturers’ obligations
Please read the full position paper here.
More news