The EU Cyber Resilience Act – An Appraisal and Contextualization
Zeitschrift für Europarecht (EuZ), 2/2023, B1-B45
49 Pages Posted: 2 May 2023
Date Written: February 17, 2023
The fourth industrial revolution and the therewith linked exponential increase in Internet of Things (IoT) devices generate a great number of cybersecurity risks. To address these concerns, the European Union (EU) pursues the adoption of a Cyber Resilience Act (CRA). The article discusses the Commission’s CRA proposal of 15 September 2022 and provides an overview of its provisions as well as a critical assessment of the most pertinent aspects related in particular to its risk-based approach, varying regulatory burden across actors and products, and its scope of application. The article further seeks to contextualize the CRA by identifying the drivers of its adoption against the broader picture of EU’s role and aspirations in the area of cybersecurity and its proactive legislative efforts in the broader digital domain. Drawing on these analyses, the article seeks to assess whether, and to what extent, the CRA project would be successful in achieving its objectives to ensure an Internet of Secure Things in the single market and boost EU’s digital sovereignty, and what the consequences of this might be.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Keywords: Cyber Resilience Act, CRA, cyber resilience, cybersecurity, Internet of Things, products with digital elements, horizontal regulation, digital sovereignty
Suggested Citation: Suggested Citation