Computer & Communication Industry Association

New EU Cybersecurity Rules Are Well-intended, but Introduce Unnecessary Red Tape

Brussels, BELGIUM – The European Commission presented today a new Cyber Resilience Act (CRA), seeking to create extensive approval processes that a wide range of digital products and services would have to undergo before they can be sold and used on the EU market.

The Computer & Communications Industry Association (CCIA Europe) supports the Commission’s objective of strengthening cyber resilience across the EU. Today’s proposal, however, introduces extensive red tape that could slow down, or even stall, the roll-out of new technologies and services that Europe needs.

The draft rules set up an elaborate approval process for stand-alone software and “connected” products that consumers and businesses use, from mobile and desktop operating systems and antivirus software to smart meters.

The CRA also has major ramifications for all kinds of services which use software and hardware covered by the Act throughout their supply chain. This would affect cloud storage, messaging and email, online marketplaces, search engines, and even social networks for instance.

Concretely, web hosting providers or cloud vendors may not be able to provide their services in Europe unless they make the switch to new EU-approved servers, containing EU-approved microprocessors and other components.

Any important software update would also trigger another round of conformity checks before the updated product can be rolled-out in Europe. This means that EU consumers and businesses have to wait longer than other regions before they can update their smartphone or computer. Finally, high-risk artificial intelligence (AI) applications would have to undergo extra conformity checks on top of the approval process set out by the EU’s upcoming AI Act.

The CRA proposal will now be reviewed by the European Parliament and EU Member States.

The following can be attributed to CCIA Europe’s Public Policy Director, Alexandre Roure:

“The Cyber Resilience Act is an opportunity to raise the cybersecurity level of ‘connected’ products and online services sold and used across Europe. However, policymakers should ensure that complex and long approvals do not unnecessarily hold back the supply of important new technologies that Europe needs.”

“These cybersecurity rules should strive to weed out bad products from the EU market, but the current CRA proposal would lead to innovative products piling up in waiting rooms before they can be used by Europeans. Instead the new rules should recognise globally-accepted standards and facilitate cooperation with trusted trade partners to avoid duplicate requirements.”

News

Supreme Court Opts not to Intervene and Block a Texas App Store Law that Likely Violates First Amendment

Washington – In response to an emergency request, the Supreme Court has decided not to intervene in an Appeals Court ruling allowing Texas to enforce its App Store law. The law requires people to sh...
reading-tablet
  • Press Releases
  • Privacy
News

CCIA Files Joint Brief on Internet Content and Federal Legal Protections

The Computer & Communications Industry Association, NetChoice, and the Electronic Frontier Foundation filed a joint amicus brief in Bogard v. Alphabet, asking an appeals court to affirm a lower co...
reading-tablet
  • Press Releases
  • Online Safety
News

CCIA Raises Privacy and Liability Concerns with California Wearable Devices Bill, SB 1130

Washington – The Computer & Communications Industry Association is testifying today before the California Assembly Committee on Privacy and Consumer Protection in opposition to SB 1130, warning ...
reading-tablet
  • Press Releases
  • Privacy
News

CCIA Statement Responding to the USMCA Joint Review

Washington — The Computer & Communications Industry Association responded to the U.S. Trade Representative's statement today that the United States, Mexico, and Canada did not agree to renew the...
reading-tablet
  • Statements
  • Trade