Skip to Main Content

Accessibility makes new cybersecurity requirements more robust

A package of standards is being developed to support a new EU regulation on cybersecurity. We have been tasked with helping standardisation organisations ensure that the standards take accessibility into account.

The new EU Regulation on Cyber Resilience sets higher requirements for products and software sold in the EU to be secure, both for businesses and consumers.

For this legislation to work in practice, technical standards are needed to explain how manufacturers should fulfil the requirements. The European standardisation organisations CEN, CENELEC and ETSI are currently working on such harmonised standards, which will be an important tool for both industry and regulators.

Security must work for everyone

It is essential that the new security standards do not clash with other rules, such as the European Accessibility Act (EAA), which also applies to many digital consumer products.

Forgetting accessibility in security solutions risks creating problems for people with disabilities – and new security threats, says Susanna Laurin, Managing Director and Chair at the Funka Foundation.

Necessary security features such as authentication, encryption and software updates must be designed in a way that allows them to be used by persons with disabilities. If the login is not accessible, some users may be forced to bypass security features in order to use the product at all.

We make sure that security does not collide with accessibility

Experts from the Funka Foundation have therefore, together with colleagues in standardisation, been tasked with ensuring that the new standards take into account accessibility requirements.

The assignment covers both general and product-specific standards developed in CEN/CENELEC/JTC 13 WG9

European standardisation on cyber resilience and data protection, opens in a new window