The Cyber Resilience Act seeks to establish cybersecurity requirements for connected products and software (embedded and non-embedded). This initiative aims to address market needs and protect consumers from insecure products by introducing common cybersecurity rules for manufacturers and vendors of tangible and intangible digital products and ancillary services.
Cybersecurity and Resilience of Critical Entities - Related Opinions
The EESC asks the Commission to strictly monitor progress in the deployment and real use of 5G and calls on the Member States to further accelerate the process and ensure a responsible implementation.
In particular, the EESC believes it is vital to assess the risk profile of suppliers and apply relevant restrictions for suppliers considered to be high risk. In addition, the EESC reiterates its suggestion of having at least two suppliers for each country, at least one of which is European, in order to ensure political security of data and respect for heath requirements.
The EESC recommends that European technological diplomacy be strengthened to enable the EU to ensure more balanced, reciprocal conditions for trade and investment, in particular as regards market access, subsidies, public procurement, technology transfers, industrial property and social and environmental standards.
The European Economic and Social Committee (EESC) welcomes the Commission's initiative, considering it an important step in developing an industrial strategy for cybersecurity and a strategic move to achieve robust and comprehensive digital autonomy. These aspects are essential for strengthening Europe's defence mechanisms against the ongoing cyberwarfare that threatens to undermine its political, economic and social systems.
The EESC considers that ENISA's new permanent mandate as proposed by the Commission will significantly contribute to enhancing the resilience of European systems. However, the accompanying provisional budget and resources allocated to ENISA will not be sufficient for the agency to fulfil its mandate.
The EESC recommends to all Member States to establish a clear and equivalent counterpart to ENISA, as most of them have not done it yet.
The EESC also feels that, ENISA should prioritise actions to support e-government, should provide regular reports on the cyber-readiness of Member States focusing on sectors identified in Annex II to the NIS Directive and monitor the performance and decision-making of national certification supervisory authorities.
The EESC supports the proposal to create a cybersecurity competence network sustained by a Cybersecurity Research and Competence Centre (CRCC).