More security against cyber attacks
Proposal for a regulation on cybersecurity also affects the working world
JA – 01/2023
In order to
strengthen cybersecurity in Europe, the European Commission published its draft
regulation covering horizontal cybersecurity requirements for products
with digital components, which will also amend Regulation (EU) 2019/1020, last
autumn. The European Commission gave stakeholders the opportunity to comment within the
framework of a public consultation until 23 January, in which German Social
Accident Insurance (DGUV) also participated.
Objective: common cybersecurity regulations
The proposal for a regulation on cybersecurity objective was to protect consumers from unsafe products by
creating common cybersecurity regulations. Specific cybersecurity requirements
and the creation of common frameworks for developing secure products should
improve overall cybersecurity. The new act will apply to all products with
digital components sold in the European Single Market.
Contents of the European Cyber Resilience Act
The draft
regulation included stricter manufacturer's obligations and regular updating
obligations for digital products. A strict manufacturer's liability for
defective products would also be introduced. This should make it easier for
anyone who has been affected to receive compensation. Regulations covering how
particularly high-risk products are evaluated will also be introduced and these
evaluations are to be carried out together with a third party evaluation (EU
Declaration of Conformity).
The working world will also be affected
Today's working
world is characterised by the use of digital products, which is why safety in
the workplace can be endangered by unsafe digital products or products
containing digital components. Information technology safety is essential for
occupational health and safety due to the increasing networking of industrial
control systems. Work accidents caused by manipulated machines used in the
workplace cannot be ruled out if safety gaps exist.
This is why
DGUV issued an optinion about the European Commission's draft
regulation, pointing out that the draft regulation uses unclear legal terms.
Among other things, the "cybersecurity requirements" term is not sufficiently
defined as it has already been defined differently in terms of content in other
European initiatives.
Background
In her 2021
State of the Union speech, the Commission President, Ursula von der Leyen,
called for the EU to play a leading role in cybersecurity and she announced a
European Cyber Resilience Act. The initiative builds on the 2020 European
Cybersecurity Strategy. The European Parliament and the Council will discuss
the contents of the European Commission's draft legislation.