EU Cybersecurity Regulations Timeline
Fourteen different legal acts affecting cybersecurity for product manufacturers are in different stages of introduction across the European Union. Here, Amanita Security maintains a list of the different legal acts, their status within the legislative process, and the currently expected dates from which they will be applicable to organisations. Don’t forget to bookmark this page to track future updates !
Before diving into the list, however, it is important to understand the difference in terminology between two distinct dates, the date on which the regulation entered into force, and the date on which it becomes applicable.
The entry into force date is the moment at which a legal act becomes legally valid and binding. This can be a date specified in the legal act, or in absence thereof, on the twentieth day following its publication in the official journal.
The date of application is the moment at which the legal act becomes applicable and must be followed.
| Legislative Act | Current Status | Entry into force | Date of application |
|---|---|---|---|
| General Data Protection (GDPR) | Fully Applicable | 04-05-2016 | 25-05-2018 |
| Medical Devices | Partially Applicable | 25-05-2017 | 2017-2027 |
| In-Vitro Medical Devices | Partially Applicable | 25-05-2017 | 2017-2027 |
| Approval and market surveillance for motor vehicles | Partially Applicable | 04-07-2018 | 2018-2026 |
| Common rules in the field of Civil Aviation | Fully Applicable | 11-09-2018 | 2019-2023 |
| Type approval requirements for motor vehicles | Partially Applicable | 05-01-2020 | 2022-2027 |
| Updated Radio Equipment Directive | Entered into Force | 01-02-2022 | 01-08-2025 |
| NIS 2 Directive | Entered into Force | 16-01-2023 | 2027-2028 |
| Digital Operational Resilience Act (DORA) | Entered into Force | 16-01-2023 | 2023-2029 |
| General Product Safety | Entered into Force | 12-06-2023 | 2023-2029 |
| Machinery Regulation | Entered into Force | 19-07-2023 | 2023-2032 |
| Data Act | Entered into Force | 11-01-2024 | 2024-2028 |
| Common Criteria Cybersecurity Certification | Entered into Force | 27-02-2024 | 27-02-2025 |
| Cyber Resilience Act | In preparation | undefined | undefined |
Article last updated: 13th of September 2024
Amanita Security specializes in guiding manufacturers through these complex cybersecurity requirements. Get in touch to discuss how we can help you be compliant in time.