Connected devices are increasingly pervasive in the Single Market, and so are the cyber threats and cyberattacks that affect them. The European Commission has identified the persistently sub-optimal level of cybersecurity of connected devices as the result of structural regulatory and market failures. To address this problem, Regulation (EU) 2024/2847 (Cyber Resilience Act, CRA) establishes horizontal cybersecurity requirements for products with digital elements. Early legal scholarship has largely concentrated on the CRA’s technical and compliance architecture, leaving its liability and consumer redress implications underexplored. Against this backdrop, this Chapter aims to address that gap by analysing avenues of consumer redress for cybersecurity-related harm caused by connected products, particularly where CRA’s requirements and obligations are not respected by relevant economic operators. It does so by examining the interaction between the CRA, the Representative Actions Directive (Directive (EU) 2020/1828), and the revised Product Liability Directive (Directive (EU) 2024/2853), with particular attention to their combined impact on collective and individual enforcement.

Chiara, P.G. (2026). EU Products Cybersecurity, Liability and Consumer Protection. Torino : Routledge - Giappichelli.

EU Products Cybersecurity, Liability and Consumer Protection

Pier Giorgio Chiara
2026

Abstract

Connected devices are increasingly pervasive in the Single Market, and so are the cyber threats and cyberattacks that affect them. The European Commission has identified the persistently sub-optimal level of cybersecurity of connected devices as the result of structural regulatory and market failures. To address this problem, Regulation (EU) 2024/2847 (Cyber Resilience Act, CRA) establishes horizontal cybersecurity requirements for products with digital elements. Early legal scholarship has largely concentrated on the CRA’s technical and compliance architecture, leaving its liability and consumer redress implications underexplored. Against this backdrop, this Chapter aims to address that gap by analysing avenues of consumer redress for cybersecurity-related harm caused by connected products, particularly where CRA’s requirements and obligations are not respected by relevant economic operators. It does so by examining the interaction between the CRA, the Representative Actions Directive (Directive (EU) 2020/1828), and the revised Product Liability Directive (Directive (EU) 2024/2853), with particular attention to their combined impact on collective and individual enforcement.
2026
EU Product Liability Law: Platforms, Internet of Things and Artificial Intelligence
295
318
Chiara, P.G. (2026). EU Products Cybersecurity, Liability and Consumer Protection. Torino : Routledge - Giappichelli.
Chiara, Pier Giorgio
File in questo prodotto:
Eventuali allegati, non sono esposti

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/1070110
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
  • OpenAlex ND
social impact