Parliament and Council negotiators reached an informal agreement on the Cyber Resilience Act, which aims to ensure that products with digital features are secure to use, resilient against cyber threats and provide enough information about their security properties.

The rules will put important and critical products into different lists based on their criticality and the level of cybersecurity risk they pose. Two lists will be proposed and updated by the European Commission. During negotiations, MEPs secured an expansion of the list of covered devices with products such as identity management systems software, password managers, biometric readers, smart home assistants and private security cameras. Products should also have security updates installed automatically and separately from functionality ones.

MEPs also pushed for the European Union Agency for Cybersecurity (ENISA) to be more closely involved when vulnerabilities and incidents occur. The agency will be notified by the…