Please note that all my articles are for informational purposes only and not legal advice. I assume no liability for the content of my articles. The articles may be out of date, the legal situation may have changed, or the specific situation in a case may need to be assessed differently. A binding consultation can only be given by me directly in the individual case. Take advantage of my free brief consultation!
Suppliers of modern technologies and products in particular must always be up to date with regard to current case law and legislative developments in Europe and respond to developments. For blockchain/Web3 providers, it may be MiCAR, but for other IT providers, it could be the Cyber Resilience Act (CRA), a first draft of which was presented by the EU Commission in September. The law is intended to establish common cybersecurity standards for networked devices and services (“products with digital parts”) and thus help combat cybercrime. Its adoption is expected in 2023 (although it is of course questionable what a final version will look like in the end) and product developers should therefore deal with the contents early on. Currently, it is supposed to come into force already 2 years later. Not much time for normal product development cycles. If security breaches occur within the 24 months, there are active communication obligations even before then.
The regulations range from a commitment to certain standards to the possibility of being able to prohibit the sale of compromised products. Especially for manufacturers of desktop and mobile devices, virtualized operating systems, issuers of digital certificates, general-purpose microprocessors, card readers, robotic sensors, smart meters and IOT devices, the requirements are currently very high and compliance behind them is mandatory in order not to be subject to severe fines.
Incidentally, for financial providers (to the extent that web3/blockchain companies may be included), the Digital Operational Resilience Act (DORA) was passed by the EU Parliament on November 10, 2022, which also addresses cybersecurity for these companies/providers.
Marian Härtel is a lawyer and entrepreneur specializing in copyright law, competition law and IT/IP law, with a focus on games, esports, media and blockchain.