Dear EDRis,
Thank you for allowing me to cross-post this so everyone has seen it:
While the overall work on the Cyber Resilience Act is going rather well (as compared to other legislative dossiers I assume), one of the problems that still persists: The EP wants to compel manufacturers of connected devices to notify the EU's Agency for Cybersecurity ENISA about details of unpatched security vulnerabilities.
Given EU member states' track record of state-sanctions hacking, we believe it's a bad idea to create government-run databases full of zero-day exploits.
I have therefore drafted an open letter to lawmakers working on the CRA to fix that problem and would like to kindly ask you to co-sign it individually if you can by Monday, 12 June at noon.
Please also let me know should you have any major concerns with
the draft letter.
Thanks a lot!
Jan
JAN PENFRAT
SENIOR POLICY ADVISOR
EUROPEAN DIGITAL RIGHTS
Rue Belliard 12, B-1040 Brussels
Matrix: @jan:penfrat.net
Phone: +32 2 274 25 76
www.edri.org | Mastodon | PGP