German BDI, DIN and DKE publish position paper on cybersecurity requirements and the CSA

On 2 February, the Federation of German Industries (BDI) and the German national standards organisations DIN and DKE published a joint position paper on EU cybersecurity requirements. The three organisations call for an EU-wide regulation that would lay down horizontal cybersecurity requirements, as part of the New Legislative Framework (NLF). The paper also considers a bridge with the Cybersecurity Act (CSA).

BDI-DIN-DKE position paper

A horizontal act is needed

BDI, DIN and DKE underline that the primary goal of the coming months should be the development of mandatory, horizontal cybersecurity requirements. They observe that horizontal requirements are preferable to vertical, product group-specific acts. The horizontal approach avoids fragmentation and ensures consistency in the requirements.

BDI, DIN and DKE advise against developing voluntary schemes for connected products and services based on the CSA, “since in future the horizontal NLF-based cybersecurity requirements will serve this purpose”.

The three organisations praise the risk-based approach of the NLF (from manufacturer self-declaration to unit verification). In addition, they highlight that CE marking combines conformity assessment and market surveillance, thus being an anchor of confidence for private and commercial customers alike.

In their view, another advantage of the NLF is that it relies on harmonised European Standards developed in a process which is open to all interested stakeholders.

Bridge with the CSA

The paper points out that mandatory certification under individual schemes would conflict with the NLF. However, the authors note that the CSA envisages the possibility that schemes can be utilised for the respective conformity assessment procedure. BDI, DIN and DKE see this provision (Art. 54 of the CSA) as a bridge between the NLF and the CSA.

If a scheme already exists for a product group, it could be used optionally and alternatively to demonstrate compliance with the future horizontal cybersecurity regulation (NLF), as long as there are no contradictions in the requirements. BDI, DIN and DKE note that “in the event of a contradiction, the NLF act must prevail”.

Therefore, the CSA should be closely coordinated with the standardisation projects. Future schemes should first focus on the Europeanisation of existing national schemes.

If you have any questions on these issues, please contact Camille Dornier - Policy Manager: camille.dornier@eurosmart.com

Eurosmart
Rue de la Science 14B - 1040 Brussels BELGIUM
Privacy Policy - EU transparency register #21856815315-64