Positions 26 Apr 2023

Cybersecurity Resilience Act

The European Commission’s proposal for a new Cyber Resilience Act (CRA) aims to safeguard consumers and businesses buying or using products or software with a digital component. CER highly welcomes the introduction of the CRA and is convinced that it will be a major instrument for increasing the overall cyber-security maturity of European infrastructure in general and specifically for railways.

As railways are a potential target of cyber attacks, railway stakeholders (both the railway operating community and the rail supply industry) are committed to fulfil their obligations to keep passengers and goods safe, trains protected, and the critical infrastructure secure. CER members are supportive of sound measures at EU level for the railway stakeholders, protecting railway systems, networks, and programs from digital attacks. With this compendium, CER therefore warns against excluding any supplier or vendor of digital products from the CRA unless equivalent sectorial legislation is in place.