Chief executives from six technology companies including Nokia, Ericsson and ESET have voiced concerns over the Cyber Resilience Act (CRA).

In an open letter to various EU politicians responsible for implementing the laws including MEP Nicola Danti, the companies warned that the CRA could lead to supply chain disruptions similar to those seen during the pandemic and harm the region’s competitiveness.

The companies, led by industry group DigitalEurope, said a list of higher-risk products subject to the CRA should be scaled back and manufacturers should be allowed to fix known vulnerability risks rather than first conducting assessments.

“The law as it stands risks creating bottlenecks that will disrupt the single market, affecting millions of products– from washing machines to toys, cybersecurity products, as well as vital components for heat pumps, cooling machines and high-tech manufacturing,” the letter stated.

The letter added that the CRA would create “bottlenecks” as manufacturers must prove their products are compliant through third-party certifiers.

The companies also said that they are concerned over reporting, suggesting that the volume of reporting will be too high for public authorities to handle due to the shortage of around 300,000 cybersecurity specialists in Europe.

The letter said: “Reporting should be limited to incidents and vulnerabilities that pose a significant cybersecurity risk. To avoid duplication of efforts we also urge for the respect of the ‘one incident-one report’ principle.”

Share Story: