EU Publishes New Regulation for Products with Digital Elements

The European Parliament and the Council of the European Union published Regulation (EU) 2024/2847 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) No 2019/1020 and Directive (EU) 2020/1828. The Regulation saw the light on November 20, 2024.

It covers products with digital elements which includes a direct or indirect logical or physical data connection to a device or network.

The Regulation sets:

rules that secure the cybersecurity provisions of products with digital elements on the market
general cybersecurity requirements for products with digital elements with regards to design, development and production stages
general cybersecurity requirements for or the vulnerability handling processes
responsibilities for economic operators with regards to cybersecurity of the product and the corresponding process
rules on market surveillance.

The Regulation сcomes into force from December 11, 2027. However, some Articles of the Regulation will become mandatory from June 11 and September 11, 2026.

Please note, EU type-examination certificates and approval decisions with regards to cybersecurity requirements for products with digital elements can be used until June 11, 2028, unless they expire before that date. However, if the certified product is modified substantially, it becomes subject to the Regulation from December 11, 2027.

Manufacturers of products with digital elements regardless of the certification requirements rules shall meet the responsibilities according to Article 14 “Reporting obligations of manufacturers” of the Regulation whether the product is put on the market before 11 December 2027 or after this date.

The full text of Regulation you can find here.

‍