Tekve Oy Logo
Article

Week 48: Security Legislation Changes

Welcome to the Week 48 regulatory news review. Implementation of EU regulations such as the Cyber Resilience Act (CRA) and the AI Act is progressing.

Week 48: Security Legislation Changes

Welcome to the Week 48 regulatory news review. Implementation of EU regulations such as the Cyber Resilience Act (CRA) and the AI Act is progressing. We recommend studying the new guidelines and national legislative proposals carefully.

Understanding these changes and preparing in advance helps ensure compliance and competitiveness in the future.

viikko-48-tietoturvalainsaadannon-muutokset-image-2

CRA (Cyber Resilience Act)

There have been no other updates this week regarding the national legislation itself, but several good articles have been published about the regulation. The National Cyber Security Centre (NCSC-FI) will host a webinar on December 12, 2024, regarding the general impacts of the CRA, which we highly recommend attending.

Link to NCSC-FI webinar (in Finnish): https://traficom.fi/fi/ajankohtaista/tilaisuudet/uusi-kyberkestavyyssaados-tulossa-nyt-aika-valmistautua-webinaari

GPSR (General Product Safety Regulation)

The European Commission has given its strongest indication that the General Product Safety Regulation (GPSR) will also apply to standalone software, even though this is not explicitly stated in the text of the law. This has significant implications for companies developing and marketing apps, games, and other software. Companies in these sectors (including suppliers of apps to consumers or operators of app stores) must consider what measures are required to comply with the new rules if the Commission’s current stance holds.

The Q&A document recently published by the Commission suggests that software falls within the scope of the regulation, and we expect further clarifications when the GPSR guidelines are published.

The regulation entered into force on May 12, 2023, and will be applied in member states as is from December 13, 2024. However, it seems that Finland’s national legislation is delayed, with the estimated presentation week scheduled for the third week of 2025.

Q&A document: https://ec.europa.eu/safety-gate/#/screen/pages/obligationsForBusinesses

Other sources: https://www.lexology.com/library/detail.aspx?g=6dec6c62-c8f5-458a-87d0-592110df2eea

CSRD (Corporate Sustainability Reporting Directive)

On November 25, 2024, the Ropes & Gray law firm published an updated document providing status details on the transposition of the EU Corporate Sustainability Reporting Directive (CSRD) across EU Member States and EFTA countries. It helps companies prepare for reporting requirements even if the national transposition of the directive is still ongoing. Additionally, the document contains information on reporting requirements, translation requirements, and publication practices.

Other sources: https://www.ropesgray.com/en/insights/viewpoints/102jple/an-update-on-eu-csrd-transposition-where-do-things-stand

AI Act

New statements have been submitted to the Ministry of Economic Affairs and Employment’s request for comments on the draft government proposal concerning the national implementation of the EU AI Act ((EU) 2024/1689).

New consultation responses of the week:

  • Työväen Sivistysliitto (Nov 29, 2024)
  • Eläketurvakeskus (Nov 28, 2024)
  • Liikenne- ja viestintävirasto (Nov 28, 2024)
  • Akava ry (Nov 28, 2024)
  • Hyvinvointialueyhtiö Hyvil Oy (Nov 28, 2024)
  • Etelä-Savon ELY (Nov 28, 2024)
  • Opetus- ja kulttuuriministeriö (Nov 27, 2024)
  • Pirkanmaan hyvinvointialue (Nov 26, 2024)
  • Teknologian tutkimuskeskus VTT Oy (Nov 26, 2024)
  • Ammattiosaamisen kehittämisyhdistys AMKE ry (Nov 26, 2024)

Link to the consultation portal (in Finnish): https://www.lausuntopalvelu.fi/FI/Proposal/Participation?proposalId=0e252297-c14b-4b6b-a0da-0a35756c9a90

Conclusion

Tekve Oy offers support in navigating and implementing legislative requirements, so feel free to contact us. See you next week!