Jurisdiction
Region
Requirement
Policy
Cyber Resilience Act (CRA)
Applies to
Manufacturers of software and digitally-enabled devices in the EU Single Market
Provision
Annex 1 Sec. 2(5)
Description

Requires manufacturers to put in place and enforce a policy on coordinated vulnerability disclosure. 

Establish a coordinated vulnerability disclosure (CVD) policy.

Full compliance deadline: December 10, 2027 

Early reporting obligations: Some provisions, like vulnerability reporting, may apply earlier, starting 21 months after the CRA enters into force.

Date
December 10, 2024
Organization
European Union
Jurisdiction
Region
Requirement
Policy
Product Security and Telecommunications Infrastructure (PSTI) Act
Applies to
Manufacturers, importers and distributors of consumer connectable products in the UK
Provision
Part 1, Chapter 2, Sec. 8 of the PSTI Act & PSTI Regulations 2023, Schedules 1 and 2
Description

The Product Security and Telecommunications Infrastructure Act 2022, Chapter 1 allows the Secretary of State to specify security requirements for connected devices.

PSTI Regulations 2023, Schedule 1, 2 requires that connected device manufacturers: provide publicly available information on how to report security issues and publish in English at least one point of contact for security issues relating to their products (hardware or software), including when notifiers will receive acknowledgments and status updates, in an accessible, clear and transparent way, without any prior request for personal information.

Date
April 29, 2024
Organization
UK Parliament