Non-paper on the principles of a Cyber Resilience Act (DK, D, NL)
The Cyber Resilience Act should be an essential building block in a European and holistic approach to the cybersecurity of digital products, processes and services. It should propose security requirements for digital products, processes and services, which should cover all forms of digital products, processes and services, including stand-alone software, apps and software as a service (“SaaS”). In addition, the CRA should designate a limited list of digital products, processes and services for which conformity assessment by a certified body is required. Finally, the Cyber Resilience Act should inform users about the cybersecurity of the products and services they buy.