Cybersecurity laws affecting manufacturers of products incorporating digital elements
We want to update you on two important cybersecurity laws affecting manufacturers of products that incorporate digital elements.
EU Cyber Resilience Act (CRA)
The CRA aims to enhance cybersecurity across the EU by imposing stricter obligations on manufacturers to ensure their products meet specific cybersecurity standards. This legislation is particularly relevant for businesses in the manufacturing sector, as it affects the design, development, and distribution of products that incorporate digital elements. We have provided a brief overview of the requirements below:
- Applies to: Products with digital elements sold in the EU.
- Key Requirements:
- Mandatory cybersecurity standards (including that products must be conformity assessed and CE marked).
- Ongoing security risk assessments and updates required during the life of the product.
- Security incident reporting to regulators and users (including for products supplied before the CRA comes into force)
- Penalties for non-compliance, including fines and product recalls.
- Timeline: Phased implementation starting in 2026.
- Full briefing: CRA
UK Product Security and Telecommunications Infrastructure Act (PSTIA)
- Applies to: Smart devices sold in the UK (excluding software).
- Key Requirements:
- No default passwords.
- Public channel for reporting security issues.
- Clear support period for security updates.
- Penalties: Up to £10m or 4% of global turnover for non-compliance.
- Timeline: In force as of April 2024.
- Full briefing: PSTIA
Both pieces of legislation reflect new considerations for affected manufacturers but the PSTIA is currently narrower in scope than the CRA. The PSTIA is already in force in the UK but if you have not considered the steps you need to take to achieve compliance we would be happy to discuss. Equally, whilst 2026 may seem a long way off, the significant obligations imposed by the CRA will take time to implement so we recommend starting to consider this this year.
Please contact us if you would like to know more.
By NEPIC
16 Views
Recent Posts
- Government reveals the Commercial Agents Regulations are here to stay
- NELS are Miele Approved Partners!
- £478,000 of ECITB Regional Skills Hub funding for training rig in Teesside
- Cybersecurity laws affecting manufacturers of products incorporating digital elements
- Introducing Fairfax Couty Economic Development Authority – Newcastle Helix, Tuesday 1 April, 5pm – 8pm
Back to News >
Share this
Most Recent Post
© Copyright. North East of England Process Industry Cluster (NEPIC) 2015
Built by iTCHYROBOT