Proposal for a regulation on cybersecurity also affects the working world

JA – 01/2023

In order to strengthen cybersecurity in Europe, the European Commission published its draft regulation covering horizontal cybersecurity requirements for products with digital components, which will also amend Regulation (EU) 2019/1020, last autumn. The European Commission gave stakeholders the opportunity to comment within the framework of a public consultation until 23 January, in which German Social Accident Insurance (DGUV) also participated.

Objective: common cybersecurity regulations

The proposal for a regulation on cybersecurity objective was to protect consumers from unsafe products by creating common cybersecurity regulations. Specific cybersecurity requirements and the creation of common frameworks for developing secure products should improve overall cybersecurity. The new act will apply to all products with digital components sold in the European Single Market.

Contents of the European Cyber Resilience Act

The draft regulation included stricter manufacturer's obligations and regular updating obligations for digital products. A strict manufacturer's liability for defective products would also be introduced. This should make it easier for anyone who has been affected to receive compensation. Regulations covering how particularly high-risk products are evaluated will also be introduced and these evaluations are to be carried out together with a third party evaluation (EU Declaration of Conformity).

The working world will also be affected

Today's working world is characterised by the use of digital products, which is why safety in the workplace can be endangered by unsafe digital products or products containing digital components. Information technology safety is essential for occupational health and safety due to the increasing networking of industrial control systems. Work accidents caused by manipulated machines used in the workplace cannot be ruled out if safety gaps exist.

This is why DGUV issued an optinion about the European Commission's draft regulation, pointing out that the draft regulation uses unclear legal terms. Among other things, the "cybersecurity requirements" term is not sufficiently defined as it has already been defined differently in terms of content in other European initiatives.

Background

In her 2021 State of the Union speech, the Commission President, Ursula von der Leyen, called for the EU to play a leading role in cybersecurity and she announced a European Cyber Resilience Act. The initiative builds on the 2020 European Cybersecurity Strategy. The European Parliament and the Council will discuss the contents of the European Commission's draft legislation.