The Cyber Resilience Act proposed by the European Commission may potentially create challenges for supply chains, according to a recent letter from DigitalEurope, an interest group, signed by CEOs of various tech companies. The organization’s letter raises concerns that the proposed Cyber Resilience Act (CRA) could pose a problem for the single digital market that the European Union (EU) aims to establish.
In their letter, the CEOs emphasize the importance of maintaining a robust and secure digital environment while also ensuring the smooth functioning of supply chains. They argue that the current proposal fails to strike the right balance between cybersecurity and the efficient flow of goods and services. The potential consequences of this imbalance could have detrimental effects on businesses operating across the EU.
DigitalEurope’s brand letter outlines several key areas where the Cyber Resilience Act could impact supply chains. One concern raised is the requirement for mandatory third-party certification of the security of digital products and services. While the intention behind this provision is to enhance cybersecurity, the CEOs argue that it could lead to delays in the introduction of new technologies and hamper innovation within the industry. They suggest that instead of mandating certifications, a risk-based approach should be adopted, allowing companies to assess and mitigate potential vulnerabilities based on their specific circumstances.
Another issue highlighted in the letter is the proposed extension of liability for damages resulting from cyber incidents. According to the CEOs, this could discourage companies from investing in advanced cybersecurity measures, as they would bear increased financial risks. Additionally, they argue that assigning liability should consider the interconnected nature of supply chains, as one cyber incident in a single link can have ripple effects throughout the entire network. The CEOs propose a more balanced approach to liability, where all actors within the supply chain share responsibility based on their respective contributions.
Furthermore, the CEOs express concerns about potential conflicts between the Cyber Resilience Act and existing international standards and frameworks. They stress the need for alignment with globally recognized practices to avoid fragmentation and ensure a level playing field for businesses operating internationally.
In conclusion, the brand letter from DigitalEurope highlights the concerns of tech company CEOs regarding the Cyber Resilience Act proposed by the European Commission. These industry leaders emphasize the importance of considering the potential impact on supply chains and urge for a balanced approach that safeguards cybersecurity while maintaining the efficient flow of goods and services within the single digital market. They propose alternative measures, such as risk-based assessments and shared liability, to address the perceived shortcomings of the current proposal. Ultimately, finding the right balance between cybersecurity and operational efficiency is crucial for fostering a resilient and competitive digital economy in the EU.
