Analysis
Rapporteur Morten Løkkegaard (Renew Europe, Denmark)
Rapporteur Morten Løkkegaard noted that the majority of the amendments contain similarities and generally go in one direction, which he believes will help in finding compromises.
He also shared that the main changes introduced in the amendments aim to help SMEs to implement the proposed CRA while reducing burden overall without reducing safety. Moreover Rapporteur and shadow rapporteur agreed on the need for further alignment with other pieces of legislation: NIS2, AI act and machinery directive.
However, the Rapporteur also mentioned that certain aspects require further political discussion, (1) how to address open sources within the scope, (2) the manufacturers’ obligation to provide security update along the product lifetime, and (3) the timeframe to implement the proposed Regulation.
Shadow Rapporteur Arba Kokalari (EPP, Sweden)
Arba Kokalari highlighted that the EPP group would like to ensure a alignment of the proposal with the AI act, General product safety directive and machinery directive, that the text introduces a one-stop shop to ensure that products only require to be approved once. The Common specifications should not be the by-default way, a timeframe should be given to the ESOs to develop harmonized standards. Moreover, EPP group would like to see more support to SMEs with minimum fines. Finally, more time should be given for the concreate implementation of the Act, so that companies would be able to put their product into conformity with the new requirements.
Shadow Rapporteur Adriana Maldonado López (S&D, Spain)
Adriana Maldonado López expressed the S&D group’s reservations regarding the entry into force of the proposed Regulation and stressed that further discussions should focus on the real lifespan of products. She also underscored that bureaucratic burden on SMEs should be reduced and that the sanctions regime should be strengthened.
Shadow Rapporteur Marcel Kolaja (Greens/EFA, Czechia)
Marcel Kolaja emphasised that further discussions should focus on how free and open source technologies should be addressed within the text. He also highlighted that due diligence for producers to integrate third party components requires further clarification in order to ensure that producers agree on which products can be used. It is the obligation of manufacturers to ensure that such components are tailored to the needs and integrated correctly, hence the EP should go beyond the Commission’s proposal.
Shadow Rapporteur Adam Bielan (ECR, Poland)
Adam Bielan underscored that the interplay between the NIS2 directive, DORA and the proposed CRA requires further clarification. He also argued that cloud services should be eliminated from the text and that further discussions should focus on the reporting requirements.
European Commission
On behalf of the Commission, Raluca Stefanuc (DG Connect) took the floor to note that there issupport to regulate cyber resilience for hardware entering the European market.
Additionally, the Commission explained that the need to align the text with other pieces of legislation was already studied in detail, but that it will check whether further links are necessary in the text.
|
