top of page
Search

EU Cybersecurity Legislation: Digital Services Act versus Cyber Resilience Act

Updated: Mar 16

EU Cybersecurity Legislations


In the dynamic landscape of digital transformation, the European Union has taken significant strides to regulate the digital space with two landmark legislations: the Digital Services Act (DSA) and the Cyber Resilience Act (CRA). Both regulations aim to foster a safer digital environment, but they address different aspects of the digital ecosystem. This blog post will delve into the nuances of these regulations, comparing and contrasting their objectives, key requirements, and the implications for organizations and individuals.

 


Overview of the Legislations

Digital Services Act (DSA):

The DSA is designed to create a safer digital space where the fundamental rights of users are protected, and to establish a level playing field for businesses. It applies to online intermediaries and platforms operating in the EU, including social networks, online marketplaces, and content-sharing platforms. The DSA's objectives include combating illegal content online, ensuring the protection of users' rights, and fostering transparency and accountability of online platforms.

 

Cyber Resilience Act (CRA) (Proposal):

The CRA, on the other hand, focuses on enhancing the cybersecurity of products with digital elements throughout the EU. This includes a wide range of consumer products such as connected toys, household appliances, and smartphones, as well as industrial products. The act aims to ensure that these products are secure by design and throughout their lifecycle, requiring manufacturers to adhere to strict cybersecurity standards and report vulnerabilities.

 


Comparative Analysis of the Legislations

The DSA and CRA collectively represent the EU's comprehensive approach to mitigating risks associated with the digital transformation. While the DSA aims to regulate the digital services landscape to protect users and ensure fair competition, the CRA seeks to fortify the cybersecurity of digital products, making them safer for consumers.

 

Aspect                 

 Digital Services Act (DSA)

 Cyber Resilience Act (CRA)  (Proposal)

Objective              

Enhance digital environment safety, transparency, accountability, and user protection online.

Improve cybersecurity of physical and digital products, ensuring a higher level of cyber resilience.

Scope                   

Digital services and platforms, including online platforms and search engines.

Products with digital elements, including software and IoT devices.

Key Provisions       

Illegal content management, transparency, liability exemptions, content moderation, prohibition of dark patterns, data protection, advertising rules.

Security by design, lifecycle management, secure development and cybersecurity safeguards, vulnerability and incident reporting, software updates, EU declaration of conformity, consumer rights protection.

Impact on EU Market    

Aims for safer online environments and fair competition. Includes transparency duties, content moderation, prohibition of certain advertising practices, and protection of minors.

Seeks to elevate cybersecurity standards across products. Includes security requirements, vulnerability handling, and reporting obligations.

Regulatory Approach

Tiered regulatory system based on service type and size.

Differentiated approach based on product criticality and risk.

Oversight and Authorities

European Commission for very large platforms, national Digital Service Coordinators for others.

 

National authorities with coordinated EU oversight.

 

Mandatory incident reporting to CSIRTs and Supervisory Authority, EU-wide certification.

 

Timeline for Compliance

Specific provisions apply from February 2024, with earlier requirements for certain platforms

Applicable two years after entry into force, with transitional periods for specific requirements.

Compliance and Enforcement

National and EU-level oversight, fines for non-compliance.

National authorities’ oversight, penalties for non-compliance.

Fines and Penalties

Fines of up to 6% of the global annual turnover. Exact amount depends on the nature, gravity, and duration of the infringement, as well as any previous violations by the entity involved.

 

Fines can go up to €15 million or 2.5% of the total worldwide annual turnover of the preceding financial year of non-compliance.

 

 

Conclusion

The Digital Services Act and the Cyber Resilience Act together represent a comprehensive approach by the European Union to regulate the digital ecosystem. The DSA focuses on the regulation of digital services, aiming to create a safer digital space by enhancing user protection, transparency, and accountability of online platforms. On the other hand, the CRA targets the cybersecurity of products with digital elements, ensuring they are resilient to cyber threats from the design phase through to the end of their lifecycle. By addressing both the services provided online and the security of digital products, these legislations together create a more secure, transparent, and trustworthy digital environment for consumers and businesses in the EU. This holistic approach not only enhances consumer trust and safety online but also drives companies towards more responsible and secure practices, impacting how digital services and products are developed, maintained, and regulated across Europe.

 

 

Sources

 

By understanding and adhering to these regulations, businesses can not only ensure compliance but also contribute to a safer, more trustworthy digital space for all users.


Stay informed by subscribing to our premium blogs or schedule a consultation to address your business requirements. Subscribe or Schedule consultation

203 views0 comments

Commentaires


Subscribe

Join our email list and get early notifications to our blog releases.

Thanks for submitting!

bottom of page