Grégoire LEWIS posted in Cybersecurity
1 month ago
Public
Hello,
Another Cyber regulation popping-up: Cyber Resilience Act: https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act
Does anyone know what would be the impact on aviation stakeholders (if there is some) ? Or if Part-IS is already covering it somehow ?
Thanks
Hi Gregoire,
Aviation products that are certified for their airworthiness will not be affected by this rule. According to recital (27) of the Cyber Resilience Act "The certification process under Regulation (EU) 2018/1139 ensures the level of assurance aimed for by this Regulation.[...] Products with digital elements [..] certified in accordance with Regulation (EU) 2018/1139 should not therefore be subject to the essential cybersecurity requirements and conformity assessment
procedures set out in this Regulation."
The question is about non certified products used in the aviation world. An example are the UAS in the open and part of the specific category which will probably be subject to this regulation.
Then I expect that other type of supporting assets used by aviation organisations and their supply chain will be influenced by this regulation. This should fit with the requirements of Part-IS and will probably provide more assurance to organisations that are part of the supply chain and provide services to approved organisations.
Please log in or sign up to comment.