Rockwell Automation applauds the European Union's efforts to improve the resilience of critical industries and infrastructure through the EU Cyber Resilience Act.
The draft act was approved in March 2024 and is under linguistic and legal review. It is expected to be published in the EU Official Journal by the end of 2024. The act requires compliance for all new products starting three years after publishing.
In parallel with the European Union's review and publishing efforts, the European standards organization, CEN/CENELEC, commenced working groups to develop vertical and horizontal standards to implement the act. Rockwell Automation is actively engaged with industry groups in the EU and the U.S. to understand and align with the emerging act and underlying standards.
Rockwell Automation has long championed cybersecurity in our products. As examples of our commitment, we,
- Delivered the world's first IEC 62443-4-2 SL1-certified programmable logic controller;
- Implemented Ethernet/IP, the leading secure industrial protocol;
- Operate an IEC 62443-4-1 ML4-certified product development lifecycle;
- Operate an IEC 62443-2-4 ML4-certified delivery lifecycle, demonstrating secure integration and maintenance capability;
- Certified our PlantPAx architecture to IEC 62443-3-3 SL1, following our IEC 62443-2-4 SL4 delivery lifecycle;
- Proved that our PlantPAx architecture could be certified in the real world by achieving IEC 62443-3-3 SL1 certification for our Milwaukee facility, following an IEC 62443-2-1 aligned security program;
and we intend to be a leader in the context of the EU Cyber Security Act once it is fully defined and approved.