Strengthening Cybersecurity Through Standardisation: The Proposed Cyber Resilience Act

As the digital landscape continues to evolve, robust cybersecurity measures become increasingly important. With cyber threats growing in sophistication and frequency, standardised practices are essential to raising cyber resilience across products, organisations and sectors.

This article explores the importance of standardisation in cybersecurity in view of the implementation of the proposed Cyber Resilience Act. A call for proposals for EU action grants on Standardisation in the Area of Cybersecurity, under the Digital Europe Programme (DIGITAL), is also currently open. It invites stakeholders, notably European standardisation bodies and conformity assessment bodies, industry players, and other actors with a role in the European standardisation process and in the implementation of the Cyber Resilience Act and the Cybersecurity Act, to secure funding for standardisation work that raises awareness and engages stakeholders in shaping a secure digital future.

Standardisation plays a crucial role in cybersecurity by providing a common framework and guidelines for organisations and individuals to follow. It establishes a baseline of best practices that gives consistent, verifiable protection against cyber threats. Standardised approaches simplify security implementation, improve interoperability between products and services, and make the effectiveness of cybersecurity measures easier to assess and compare.

The Cyber Resilience Act is a proposed regulation aimed at strengthening the cybersecurity of hardware and software products with digital elements placed on the EU market. Its main purpose is to introduce essential cybersecurity requirements that apply across the product lifecycle, from design and development through to vulnerability handling once the product is on the market. Under the proposal, manufacturers must handle vulnerabilities effectively for the expected product lifetime or for five years from placing the product on the market, whichever is shorter. The proposal also relies on standardisation to achieve higher levels of cyber resilience: harmonised standards are the primary means by which manufacturers can demonstrate conformity with the essential requirements. Beyond the product requirements themselves, the Act addresses risk assessment by manufacturers, vulnerability handling and disclosure, and the reporting of actively exploited vulnerabilities and incidents. By setting out standardised practices, the Act aims to promote a proactive and coordinated approach to product cybersecurity across the single market.

One of the key benefits of standardisation in cybersecurity is the improved awareness it brings. By adopting standardised practices, organisations gain a clearer understanding of the vulnerabilities their products and systems are exposed to and of the countermeasures expected of them. Standardisation also facilitates the dissemination of knowledge and best practices among stakeholders, leading to greater awareness of emerging threats and of the latest cybersecurity advancements.

Standardisation in cybersecurity requires the active involvement of stakeholders from various sectors. The proposed Cyber Resilience Act seeks to engage stakeholders through consultations, public-private partnerships, and collaboration with industry experts. By involving stakeholders such as government agencies, industry associations, and cybersecurity professionals, the Act aims to gather diverse perspectives and to ensure that the standards developed are practical, relevant, and widely accepted.

Engaging stakeholders in standardisation work fosters a collective commitment to cybersecurity. It allows sector-specific challenges to be identified, enabling tailored solutions that address the risks particular to each sector. Active participation also gives stakeholders a sense of ownership, encouraging organisations and individuals to adhere to standardised practices voluntarily. Furthermore, stakeholder engagement helps ensure that standards are regularly reviewed and updated to keep pace with evolving threats and technological advancements.

Standardisation plays a vital role in enhancing cybersecurity measures and bolstering cyber resilience. The proposed Cyber Resilience Act reflects a recognition of standardisation's significance in combating cyber threats. By promoting awareness and engaging stakeholders, the Act seeks to establish a unified approach to cybersecurity that fosters collaboration, innovation, and a more secure digital environment. Embracing standardised practices enables organisations and individuals to defend proactively against cyber threats, ultimately safeguarding our interconnected world.

On 25 May 2023 the European Commission, through the Directorate-General for Communications Networks, Content and Technology (DG CONNECT) and on behalf of the European Cybersecurity Competence Centre (ECCC), launched a call under the 2023-2024 DIGITAL Work Programme to facilitate the implementation of the CRA. The call supports the development of harmonised standards which, when followed, trigger a presumption of conformity with the CRA essential cybersecurity requirements to which they correspond. This is complementary to the work of the National Cybersecurity Coordination Centres, which play a key role in reducing negative cross-border spill-overs, and the resulting costs to society, by mitigating the risks associated with non-secure products.

The deadline for proposals is 26 September 2023. Projects under the topic DIGITAL-ECCC-2023-DEPLOY-CYBER-04-STANDARDISATION will be funded at 100% by the European Commission, with no minimum grant amount. The maximum project length is 36 months. Activities covered by this topic include the organisation of events, workshops and stakeholder consultations and the production of white papers, all fostering the development of harmonised standards and conformity with requirements stemming from the above-mentioned legislative framework, as well as support for the participation of relevant European experts in European and international cybersecurity standardisation forums.

The National Cybersecurity Coordination Centre for Malta, under the auspices of MITA, aims to promote EU funding opportunities within Maltese territory and provide technical assistance to Maltese entities to apply for EU-funding calls. In this manner, information on this call for proposals is available on the NCC-MT website –

This article is co-funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the European Cybersecurity Competence Centre can be held responsible for them.