The impact of cybersecurity on the conformity of goods with digital elements

Abstract

The purpose of this paper is to analyse the interplay between Directive (EU) 2019/771 on certain aspects of contracts for the sale of goods and the new proposal for a Regulation on cyber-resilience. Both regulations address the obligations of two economic operators at different stages of the supply chain, the sellers and the manufacturers.

The proposal of Cyber Resilience Act provides for procedures to determine the conformity of products with digital elements at the time they are introduced on the market. Therefore, the manufacturer's diligence will also affect the seller's liability for these products when they are revealed to be faulty with the sales contract. In this regard, the current Directive (EU) 2019/771 does not provide for cybersecurity as a criterion for determining the conformity of goods with digital elements. Also, the seller's liability for non-conformity is limited to a time period of two years, while the manufacturer must maintain the conformity of its products with digital elements for the lifetime of the product by providing security updates. This paper addresses the problems posed by the interaction of the two legislations and discusses possible solutions.