The new European cybersecurity regulations NIS2 and the Cyber Resilience Act (CRA) will impose obligations on companies, manufacturers and developers of digital and connected products to improve security in the European Union.
Which sectors and products are affected by the new regulations and directives? What kind of obligations do they entail? What technical mechanisms will companies have to implement? Who will have to accredit or certify compliance? What penalties can non-compliance entail? What are the deadlines? What benefits does the new legislation bring to society?
These and many other technical and legal questions were answered during the technical conference “Cybersecurity in Industrial Automation and Robotics Environments”, jointly organised by the Robotekin Association, CYBASQUE and SPRI Digital at the central building of the Álava Technology Park.
This was a monographic session attended by fifty Basque companies interested in finding out how the implementation of the new European regulations on cybersecurity will affect them. The main objective of these regulations is to increase prevention and manage risks in order to prevent and minimise the impact of any incidents or attacks that may occur.
Andoni García, lawyer at Seinale, Ander Galisteo, Director of Industrial Security at CYBERTIX, David González, from the IKERLAN cybersecurity department, Kepa Sebal, Business Development Manager at Orbik, Unai Ayúcar from AliasRobotics, José Guerreira, Director of Operations at EUROCYBCAR, and Jon Churruca from SPRI Digital were responsible for revealing the key technical and legal challenges of these new regulatory frameworks, moderated by the director of Robotekin, Daniel Ruiz.
While NIS2 increases the requirements set by its predecessor NIS1 for critical sectors and extends regulation to new areas, the CRA sets security requirements for the design and lifecycle of products with digital components. Both regulations, which are causing concern due to their broad scope, threaten severe penalties for non-compliance, but they also represent an opportunity, a competitive advantage that builds confidence in the market.
Although many legal and technical aspects still need to be developed, all the speakers agreed that, sooner rather than later, if not directives and laws, it will be customers and consumers themselves who will demand cybersecurity measures, as incidents and cyberattacks are increasing every year and, with Artificial Intelligence, are becoming more precise.
The conference also showcased the range of cybersecurity support offered by SPRI, including training, capacity building and awareness-raising, as well as programmes to support corporate cybersecurity and SOC+ Certification services (RETECH), and support and assistance for the digital transformation of businesses.
This assistance can be consulted here: https://www.spri.eus/es/ayudas/ciberseguridad-empresarial/
