EU Cyber Resilience Act May Cause Bottlenecks, Companies Say

Major European tech companies are urging lawmakers to revise a proposed cybersecurity law called the Cyber Resilience Act, which they believe will create bottlenecks in the supply chain. The law requires manufacturers of high-risk products to undergo a third-party risk assessment before bringing their products to market. The CEOs of companies like Siemens, Ericsson, and Schneider Electric argue that Europe lacks the capacity to perform these assessments, which could disrupt the single market and harm competitiveness. A counterproposal by the European Council would limit the number of products subject to third-party certification, but concerns still remain about the potential bottleneck risks. The CEOs also raised concerns about a provision that requires software developers to report vulnerabilities within 24 hours, which they believe could overwhelm cyber agencies. They are calling for amendments to the proposed law to address these issues.