Cybersecurity

Content Overview

Cybersecurity is the practice of ensuring protection against the criminal or unauthorized use of electronic data. This growing area of concern for companies is reflected in the growth of regulation in this area, with many countries laying down framework regulations establishing rules to protect consumers, society in general and governments from the different types of cyber vulnerabilities. 

This topic encompasses regulations, proposed, enacted & in force, aimed at strengthening cybersecurity and supporting documentation along the lines of national strategies and guidelines.

Regulatory and supporting measures on this topic in C2P focuses on:

• Cybersecurity for products that can connect to the Internet, a network or another device for data communications, usually referred to as connectable products, connected devices, products with digital elements, Internet of Things (IoT) devices and smart devices, including cybersecurity for specific products (e.g. radio equipment, medical devices, household appliances, automotive products, etc.) where such products contain electronic units/components and are connectable.
• National strategies that discuss product-specific cybersecurity requirements.

Recent regulations like the UK’s Product Security and Telecommunications Infrastructure Act 2022 (PSTI), Australia’s Cyber Security Act 2024, and EU’s Cyber Resilience Act 2024 (CRA) utilize the terms “relevant connectable products” and “products with digital elements”. These terms, together with “IoT devices”, “smart devices” and “connected devices” which are more commonly used by experts but often lack a unified definition, are broad and abstract. They can cover any types of products that can connect to a network like the Internet or other devices for data exchange.

Coverage Included

Our regulatory content in C2P is historically comprehensive with a robust QA process to ensure quality, consistency and accuracy. Below is a high level summary of our coverage for this topic:

• EU: Horizontal Cybersecurity Requirements for Products with Digital Elements, Regulation (EU) 2024/2847 (Cyber Resilience Act)
• Australia: Cyber Security Act, November 2024
• Australia: Cyber Security (Security Standards for Smart Devices) Rules, 2025
• UK: Product Security and Telecommunications Infrastructure Act (Cybersecurity of Connected Devices), 2022
• UK: Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products), Regulations, SI No. 2023/1007
• Indonesia: Cyber Security and Resilience, Draft Law, February 2025
• Japan: Labeling Scheme for IoT Products based on Japan Cyber-Security Technical Assessment Requirements (JC-STAR), 2025
• China: Basic Requirements and Test Methods for Consumer Internet of Things Product Security, Draft Standard, March 2025
• Singapore: IoT Cybersecurity Labelling Scheme Overview, Guidance Document, Version 1.3, September 2023
• Singapore: Cybersecurity Labelling Scheme for Medical Devices, Public Consultation, January 2023
• China: Technical Requirements for Vehicle Cybersecurity, Standard, GB 44495-2024
• USA: Implementation of the Cybersecurity Labelling Program for Internet of Things, 47 CFR 8, Final Rule, 89 FR 61242, July 2024
• California (USA): Connected Devices, Privacy and Consumer Protection, Senate Bill 327 Enacted, 2018
• Brazil: Minimum Cybersecurity Requirements for Telecommunications Equipment, Act No 77/2021
• EU: Cybersecurity for Internet-Connected Radio Equipment and Wearable Radio Equipment under Radio Equipment Directive (RED), Regulation (EU) 2022/30