European cyber-resilience regulation published

On November 20, the “Regulation 024/2847 of October 23, 2024 on horizontal cybersecurity requirements for products incorporating digital elements” (CRE) was published in the Official Journal of the EU.

 The CRE Regulation aims to guarantee the cybersecurity of software or products with digital components, including artificial intelligence (AI) systems.

 Its aim is to guarantee harmonized rules and a framework of cybersecurity requirements governing the planning, design, development and maintenance of these products. This duty of care applies to the entire product lifecycle.

 Article 12 of this Regulation stipulates that high-risk AI systems will have to comply with the essential cybersecurity requirements set out, and will be subject to the compliance assessment procedures established in the Cyber-Resilience Regulation with regard to these requirements.

 The CRE Regulation enters into force 20 days after its publication for every Member States.