What will happen to non-compliant products?

Member States will appoint market surveillance authorities, which would be responsible for the enforcement of the Cyber Resilience Act obligations.

In case of non-compliance, market surveillance authorities could require operators to bring the non-compliance to an end and eliminate the risk, to prohibit or restrict the making available of a product on the market, or to order that the product is withdrawn or recalled. Each of these authorities will be able to fine companies that do not adhere to the rules. The Cyber Resilience Act establishes maximum levels for administrative fines, which should be provided for in national laws in cases of non-compliance.