Strong cybersecurity requirements for products with digital elements are key to mitigating cybersecurity risks in the long term. The proposed Cyber Resilience Act (CRA) will be a major step in improving product security.

The CRA lays down direct obligations for manufacturers, importers, and distributors, but it also seeks to improve the security of critical infrastructures by setting stricter conformity assessment requirements for critical products. For Transmission System Operators (TSOs), as operators of critical energy infrastructure, it is crucial that the CRA is designed in a way that optimally supports TSOs in mitigating cybersecurity risks and is consistent with other relevant EU legislation.

In this respect, besides the CRA, TSOs will need to comply with two other pieces of EU cybersecurity legislation that address the cybersecurity of products: the NIS2 Directive and the upcoming Network Code on cybersecurity (NCCS). ENTSO-E believes that the alignment with the NCCS can be improved. In particular, the requirements developed under the NCCS should be considered as sectoral rules under the CRA to avoid a multiplication of different risk assessments. In addition, TSOs call for further transparency from manufacturers regarding the type of risks a product can mitigate.
