Introduction
Technological evolution and the increasing reliance on digital systems have driven the need for stricter regulation in cybersecurity and data protection. In this context, this Regulation establishes a detailed regulatory framework for the marketing, use and security of products with digital elements within the European Union.
Definition of key concepts
Products with digital elements
A product with digital elements is one that consists of software or hardware, including its remote data processing solutions. It also encompasses software or hardware components that are introduced to the market separately.
Remote data processing
Remote data processing refers to remote data management through software designed by the manufacturer. Without it, a product with digital elements could not fulfil its essential functions.
Cybersecurity
According to Regulation (EU) 2019/881, cybersecurity is defined as the ability to protect networks, systems and data against digital threats that may compromise their integrity, availability or confidentiality.
Software and hardware
Software consists of the computer programs that constitute the code of an electronic information system, while hardware consists of the physical devices that enable the processing, storage or transmission of digital data.
Infrastructure and connectivity
Logical and physical connection
A logical connection is the virtual representation of a data connection via software, whereas the physical connection is made by tangible means such as cables, radio waves or electrical interfaces.
Indirect connection and end node
An indirect connection occurs when a device connects to a network through an intermediate system. The end node is any connected device that acts as an entry point to the network.
Digital ecosystem players
Economic operator and manufacturer
The economic operator is any natural or legal person involved in the manufacture, import or distribution of digital products. The manufacturer is whoever develops or markets products with digital elements under its brand, whether for commercial or open source purposes.
Open Source Community Manager
The open source community manager is a legal entity that supports the development of free and open source software for commercial activities.
Importer and distributor
The importer introduces into the market products with digital elements coming from outside the European Union. The distributor, on the other hand, markets these products without altering their properties.
Regulatory compliance and safety
Support period
The support period is the time during which the manufacturer must guarantee vulnerability management for its product in accordance with the established cybersecurity requirements.
Conformity assessment and notified bodies
Conformity assessment verifies whether a product complies with essential cybersecurity requirements. A notified body is an entity authorized to certify this compliance.
Cybersecurity risks
A cybersecurity risk is defined as the possibility of a loss or disruption caused by an incident. A significant risk is one that can generate serious consequences due to the high probability of exploitation of a vulnerability.
Incidents and protective measures
Vulnerabilities and threats
A vulnerability is a flaw in a product with digital elements that can be exploited by a cyber threat. An exploitable vulnerability is one that an attacker can use in real conditions. An actively exploited vulnerability is one for which there is evidence that it has been used without authorization.
Incidents and recovery
A security incident affects the availability, authenticity, integrity or confidentiality of a digital product. There are also near-misses, which have not caused damage, but are evidence of a possible future threat. Recovery and recall of affected products are key processes to mitigate damage and avoid future vulnerabilities.
Conclusion
This Regulation establishes clear guidelines to ensure the safety, marketing and responsible use of products with digital elements in the European Union. The correct application of these regulations not only protects consumers and businesses, but also strengthens confidence in the digital infrastructure and cybersecurity systems in a constantly evolving technological environment.