Tech event: Cyber Resilience and Data Act
In future, manufacturers of networked devices will have to fulfil the requirements of several new directives: the Cyber Resilience Act, the Data Act and the new Radio Equipment Directive. Who is affected? How can the requirements be implemented most efficiently?
New regulations
Several new regulations from the EU will keep manufacturers of networked devices busy in the coming months and years: The Cyber Resilience Act, which makes devices more robust against cyber attacks, the Data Act, which gives customers sovereignty over their data, and the Radio Equipment Directive, which was given an addition for internet-connected devices in 2022.
Data Act
Although the Cyber Resilience Act is more present in the media, the Data Act is likely to affect more manufacturers. From September 2025, when the Act comes into force, the data stored and transmitted by a device will belong to the customer. They must be able to use the data themselves and also decide whether they want to pass it on – for example to the manufacturer of the device.
Cyber Resilience Act
From the end of 2027, the Cyber Resilience Act will apply: manufacturers will be responsible for the IT security of networked devices – throughout their entire service life. This will be a challenge in many consumer sectors. Many industrial sectors have already taken the first steps. The Machinery Directive, for example, also requires IT security measures. However, there are major differences depending on the sector.
Radio Equipment Directive
Until now, the Radio Equipment Directive (RED) has primarily regulated electromagnetic compatibility and personal safety. In 2022, the RED was supplemented with an addition for the cyber security of internet-enabled radio equipment. The new directive will apply from August 2025 and affects all devices, machines and systems with wireless interfaces.
Best Practices
At the tech event, we will use realised projects to show how systems can be protected against cyber attacks by design (security by design) or how data can be made available to users via suitable interfaces (data access by design). One focus will be on building technology: Here, many devices are networked via various industry standards and communication protocols. The software of distributed devices can often only be updated with great effort or not at all. However, an update option throughout the entire product life cycle is important in order to keep the software up to date and protect the devices against attacks.
Sprecher
-
Alexander Schmid
Partner at epartners Rechtsanwälte. Has technical experience as a software developer and has been advising companies in the IT sector and the mechanical and electrical engineering industry as a lawyer for 15 years. -
David Gschwend
Department Head High Performance Systems at SCS -
Katrin Blattner-Kempin
Department Head Intelligent Buildings at SCS
Program
Supercomputing Systems AG, Technopark Zurich, Tuesday, May 06, 2025- 17:00 Uhr
- Greeting Christof Sidler, Chairman of the Executive Board at SCS
- 17:10 Uhr
- Overview from a legal perspective Alexander Schmid categorises the Cyber Resilience and Data Act and the Radio Equipment Directive from a legal perspective.
- 17:25 Uhr
- Best practice: IT security for controlling a large marine engine David Gschwend shows from the developer's point of view how IT security, or rather OT security (operational technology), is implemented in a specific project.
- 17:35 Uhr
- Focus on building technology Katrin Blattner-Kempin focusses on building technology: What are the typical challenges with regard to the two directives? How should they be tackled?
- 17:45 Uhr
- Q&A Ask our speakers!
- 18:00 Uhr
- Aperitif Exchange with other participants