Featured Product

    EC Seeks Feedback for Initiative on New Cybersecurity Rules

    March 16, 2022

    The European Commission (EC) is seeking feedback, until May 25, 2022, for an initiative that would involve development of proposal for a regulation on horizontal cybersecurity requirements for digital products and ancillary services under the Cyber Resilience Act. EC plans to adopt the regulation by the third quarter of 2022.

    The initiative aims to address market needs and protect consumers from insecure products by introducing common cybersecurity rules for manufacturers and vendors of tangible and intangible digital products and ancillary services. The framework applicable to digital products comprises several pieces of legislation, including a European Union legislation on specific products covering safety-related aspects and general legislation on product liability. However, the legislation covers only certain aspects linked to the cybersecurity of tangible digital products and, where applicable, embedded software concerning these products. The existing regulatory framework on products does not prescribe specific cybersecurity requirements and does not cover all types of digital products. The framework also fails to cover a variety of widely used hardware. Moreover, non-embedded software products are not addressed in the current framework, even though vulnerabilities in software products are increasingly serving as a channel for cybersecurity attacks, causing significant societal and economic costs. Through the consultation, EC would like to gather:

    • views on current and emerging problems related to the cybersecurity of digital products and associated services, including non-embedded software
    • views on the possible policy approaches to address such problems, the available options, and their potential impacts
    • evidence and data underpinning the identified problems

    The initiative aims to enhance and ensure a consistently high level of cybersecurity of digital products and ancillary services. More specifically, a broad range of such products and associated services would be secured throughout their whole lifecycle proportional to the risks. The initiative also aims to enable users to match the security properties of such products against their needs, including by enhancing the transparency of cybersecurity features. This would protect users from insecure digital products and ancillary services and incentivize vendors to offer more secure products, thus increasing the trust in the digital single market. Finally, the initiative seeks to improve the functioning of the internal market by leveling the playing field for vendors of digital products and ancillary services.


    Related Link: Notification and Call for Evidence


    Keywords: Europe, EU, Banking, Insurance, Securities, Cyber Risk, Cyber Resilience Act, Regtech, Non-emedded Software, Digital Products, EC

    Related Articles

    CFPB Finalizes Rule on Small Business Lending Data Collection

    The Consumer Financial Protection Bureau (CFPB) published a final rule that sets out data collection requirements on small business lending, under section 1071 of the Dodd-Frank Act.

    March 30, 2023 WebPage Regulatory News

    BCBS to Consult on Pillar 3 Climate Risk Disclosures by End of 2023

    The Bank for International Settlements (BIS) published a summary of the recent Basel Committee (BCBS) meetings.

    March 23, 2023 WebPage Regulatory News

    FINMA Approves Merger of Credit Suisse and UBS

    The Swiss Financial Market Supervisory Authority (FINMA) has approved the takeover of Credit Suisse by UBS.

    March 21, 2023 WebPage Regulatory News

    BOE Sets Out Its Thinking on Regulatory Capital and Climate Risks

    The Bank of England (BOE) published a working paper that aims to understand the climate-related disclosures of UK financial institutions.

    March 13, 2023 WebPage Regulatory News

    US Congress Report Examines Data Privacy and Cybersecurity Regulations

    The U.S. Congressional Research Service published a report on banking, data privacy, and cybersecurity regulation.

    March 13, 2023 WebPage Regulatory News

    OSFI Finalizes on Climate Risk Guideline, Issues Other Updates

    The Office of the Superintendent of Financial Institutions (OSFI) is seeking comments, until May 31, 2023, on the draft guideline on culture and behavior risk, with final guideline expected by the end of 2023.

    March 12, 2023 WebPage Regulatory News

    EU to Conduct One-Off Scenario Analysis to Assess Transition Risk

    The European authorities recently made multiple announcements that impact the banking sector.

    March 10, 2023 WebPage Regulatory News

    APRA Assesses Macro-Prudential Policy Settings, Issues Other Updates

    The Australian Prudential Regulation Authority (APRA) published an information paper that assesses its macro-prudential policy settings aimed at promoting stability at a systemic level.

    March 07, 2023 WebPage Regulatory News

    BIS Paper Examines Impact of Greenhouse Gas Emissions on Lending

    BIS issued a paper that investigates the effect of the greenhouse gas, or GHG, emissions of firms on bank loans using bank–firm matched data of Japanese listed firms from 2006 to 2018.

    March 03, 2023 WebPage Regulatory News

    HMT Mulls Alignment of Ring-Fencing and Resolution Regimes for Banks

    The HM Treasury (HMT) is seeking evidence, until May 07, 2023, on practicalities of aligning the ring-fencing and the banking resolution regimes for banks.

    March 02, 2023 WebPage Regulatory News
    RESULTS 1 - 10 OF 8810