31 October 2023

On 25 October, MEP Beatrice Covassi hosted a debate focused on the impact of the Cyber Resilience Act. MEP Covassi was joined by the following speakers:

Goran Gotev, Director, EMEA Government Affairs, Okta
Nima Baiati, Executive Director & GM, Commercial Cybersecurity Solutions, Head of the Lenovo Cybersecurity Innovation Center
Antonio Grasso, Public Affairs Director, European DIGITAL SME Alliance
Rob Spiger, Principal Security Strategist, Global Cybersecurity Policy Team, Microsoft

Shaping the EU cybersecurity landscape: impact of the Cyber Resilience Act


Beatrice Covassi MEP opened the discussion by emphasizing the critical importance of cybersecurity in the current global climate, particularly in light of recent events in the Middle East. She outlined the expansive scope of the Cyber Resilience Act, aiming to regulate connected devices and set global standards. Covassi highlighted the significant economic losses attributed to cybercrime, stressing the need for a transparent legislative process. A key concern she raised was the skills gap in cybersecurity, specifically the underrepresentation of women in the field. Additionally, she addressed the impact of new legislative requirements on Small and Medium-sized Enterprises (SMEs) and expressed reservations about limiting the Cyber Resilience Act's scope to Business-to-Business (B2B) regulation, advocating for the inclusion of consumer products.

Goran Gotev's remarks focused on the evolution of cybersecurity legislation. He discussed the critical role of the Cyber Resilience Act (CRA) and its alignment with existing frameworks like the NIS directive. Gotev highlighted the necessity to cover previously unregulated areas within the cybersecurity ecosystem. He suggested that the CRA's reporting processes should align with existing directives to avoid operational challenges and cautioned about potential issues arising from overlapping regulations, especially for Software as a Service (SaaS) providers. He proposed modifications to the conformity assessment process for software, to better accommodate the dynamic nature of code development.

Nima Baiati delved into the challenges and opportunities in cybersecurity regulation. He spoke about the evolving nature of software and the difficulties in defining product life cycles. Baiati highlighted the acute shortage of cybersecurity talent, especially in SMEs, and underscored the need for clear, efficient standards that minimize regulatory burdens. He advocated for pragmatic regulation that aligns with existing legislations like the General Data Protection Regulation (GDPR). Baiati also raised concerns about the ambiguous definitions of incidents and vulnerabilities, suggesting a need for clearer guidelines in these areas.

Antonio Grasso emphasized the vital role of SMEs in driving the implementation of cybersecurity measures. He discussed the importance of digital skills and the need for harmonization in legislative requirements. Grasso stressed the necessity of modernizing legislative approaches to keep pace with the dynamic nature of software products. He also highlighted the importance of considering sustainability in product support and lifecycle. Grasso argued for a more inclusive standardization process that incorporates the perspectives of digital SMEs.

Rob Spiger provided an industry perspective on cybersecurity legislation. He focused on the challenges and opportunities presented by the implementation of the CRA. Spiger stressed the need for clarity in compliance and standardization processes and highlighted the importance of guiding small and medium organizations through these processes. He expressed concerns about how unpatched vulnerabilities are handled and disclosed, advocating for a balanced approach in addressing vulnerabilities, especially the importance of rapid response to actively exploited threats. Spiger also suggested improvements in the evidence and documentation process for manufacturers to ensure compliance throughout product lifetimes.



  • #EIFasks - MEP Beatrice Covassi on the impact of the Cyber Resilience Act
  • 2:04 We are EIF: a video tribute to our Members
  • 9:22 Gregory Mounier, Europol - The impact of GDPR

Related content