In close collaboration with security experts across European industry and international partners, the European Commission is working to secure the supply chain by following secure-by-design principles.
“I believe we’ve launched the biggest standardization request ever for this specific piece of legislation,” said Christiane Kirketerp de Viron, referring to the EU’s Cyber Resilience Act, at the TechNet International 2025 conference held in Brussels.
De Viron currently serves as the acting director at Digital Society, Trust and Cybersecurity for the European Commission’s Directorate General for Communications Networks, Content and Technology, or DG CONNECT.
“We set a framework for all companies that want to sell any kind of hardware or software in the union that they have to do secure by design,” de Viron said. Every product development stage must incorporate a security element, she added.
“That also means that once you place your product on the market, you can’t just drop it and forget about it. You have to do the security updates; you have to provide the patches; you have to help your users actually make sure that this is a secure product.”
The approach is an opportunity for strategic partnerships with the defense industry, she stated.
De Viron’s office has also drawn on lessons learned from the war in Ukraine to work on response capabilities.
“It has taught us a lot about the need to actually have additional capabilities ready,” she said. Therefore, DG CONNECT is in the process of developing a mechanism to allow trusted private providers to serve as backups during moments of crisis for member states or associated countries such as Ukraine.
