CEPS Project

Study on the need of Cybersecurity Requirements for ICT Products


The study aims at assisting the Commission in drafting a possible policy intervention to address the current need for cybersecurity for ICT products. Based on the evaluation findings and other sources, the study will identify key problems and objectives and draft classification of relevant ICT products, essential requirements and conformity assessment activities. CEPS’ role is to evaluate the set of policy options (Voluntary Measures; Horizontal Legislation; Sector-Specific Legislation; Mixed Approach) based on the gap analysis of existing EU legislation, the identified categories of ICT products and corresponding risk profiles and cybersecurity requirements.

Study on the need of cybersecurity requirements for ICT products

The study on the need of cybersecurity requirements for ICT products explores the current state of cybersecurity in ICT products and explores policy options

ICT products have helped our society become smarter and more connected. They bring with them benefits and opportunities for consumers and businesses alike. However, there are also challenges that need to be addressed.

The EU has undertaken several initiatives to improve laws around product cybersecurity. Yet, there are still areas that need legislation, such as cybersecurity requirements for ICT products.

This study looks into the current state of cybersecurity in ICT products, providing an analysis of the current regulatory landscape and exploring options for intervention by policy makers. It concludes that horizontal legislation would be the most cost-effective policy option, creating greater security in the EU, while enhancing business competitiveness.

Download the study (.pdf)


Carolina Polito

Associate Research Assistant

Lorenzo Pupillo

Associate Senior Research Fellow and Head of the Cybersecurity@CEPS Initiative

+32 (0)2 229 39 68