EU governments reject requiring manufacturers to report vulnerabilities to central cyber agency

European Union governments have pushed back on the central role initially suggested for the bloc’s cybersecurity agency, rejecting a proposal requiring manufacturers to report actively exploited vulnerabilities to the European Union Agency for Cybersecurity (ENISA). Instead, in its amended version of the proposed Cyber Resilience Act (CRA), the European Council calls for manufacturers to disclose

act actively exploited agency back cyber cyber resilience cyber resilience act cybersecurity enisa european union exploited government reject report resilience role version vulnerabilities