Adapting to new cybersecurity regulations

Within the European Union (EU), significant legislative changes are underway to bolster cybersecurity measures across all types of software and hardware products and in all industries. These changes set a new standard for cybersecurity regulations worldwide, marking a fundamental shift within the industry.

The renewal of European Product Safety legislation (e.g. General Product Safety Regulation, Radio Equipment Directive, Cyber Resilience Act, Artificial Intelligence Act) will affect devices and software products, while NIS 2 Directive imposes mandatory cybersecurity measures on entities operating in various steps in industrial supply chains. The new regulations will in one way or the other affect asset owners, product manufacturers, and service providers.

Acknowledge the importance of cybersecurity compliance and develop a plan that encompasses regulatory requirements relevant to your products and operative systems.

Secure adequate resources, including funding and skilled personnel, in order to plan how to implement the transformation towards secure-by-design products and operational systems. Cybersecurity experts from more mature industries might need to be hired.

Establish formal secure product development lifecycle processes,  in R&D for products and in IT for operational systems.

Seek industry-relevant certifications for information security management systems, quality management systems, and products, to validate that your company meets regulatory and industry requirements.

Win with secure-by-design products by providing transparent information to customers about security measures over the whole product lifecycle, while cost-optimizing the post-market activities for addressing vulnerabilities and providing software updates.

Implementing secure-by-design principles not only ensures regulatory adherence but also enhances the overall security posture of your products and operations. By prioritizing cybersecurity, you demonstrate your dedication to protecting your customer’s safety and fundamental rights.

Compliance deadlines vary depending on regulations and industry sectors. For operational systems of Essential and Important Entities, NIS2 starts applying October 18^th 2024. Wireless IoT devices business is strongly disrupted on August 1^st 2025 via Radio Equipment Directive. Cyber Resilience Act brings horizontal cyber security regulation to software and devices. During Q2 2026, vulnerability and incident reporting processes become a mandatory requisite for continuing to distribute any legacy products with digital elements, meaning any software and devices. From Q2 / 2027 forwards, any software and hardware products with digital elements that are placed on EU market need to be CE marked for conformity with all requirements in Cyber Resilience Act. Acting swiftly is crucial to meeting these deadlines.

To stay compliant and secure in an evolving regulatory landscape, adopt a proactive approach. Allocate people to follow cyber security regulations, and invest into cultural change via training, improvement of management systems and processes, and development of secure-by-design new products.

In today's digital landscape, implementing compliance measures is not just an option; it's a necessity for businesses. As authoritative experts, we encourage you to embrace cybersecurity compliance by following our step-by-step guide. By doing so, you can effectively navigate the regulatory landscape, enhance customer trust, and ensure long-term success in an ever-changing cybersecurity environment. Let us be your trusted partner on this journey towards a more secure future.

To learn more about the relevant cyber security regulations and how to implement them into your solutions or product development, download our free guide ‘No Safety Without Cybersecurity – New Regulations for Secure Embedded Development‘.