naSRPS EN 40000-1-2:2025

Cybersecurity requirements for products with digital elements - Part 1-2: Principles, product risk management, and lifecycle activities

Scope

This document specifies general cybersecurity principles and general risk management activities for all products with digital elements, hereafter also referred to as 'products'. This document covers every stage of the product lifecycle to ensure and maintain an appropriate level of cybersecurity based on the risks.
This document also provides generic elements to support the development of coherent product-category-specific standards (vertical standards).
This document:
— establishes generic cybersecurity principles applicable to all stages of the product lifecycle;
— specifies requirements for risk assessment and treatment of cybersecurity risks;
— specifies requirements on activities that can be applied to ensure an appropriate level of cybersecurity at every phase of the product lifecycle;
— provides elements and considerations for product category specific standards in order to facilitate a harmonized approach.
This document does not provide vertical product category specific activities and elements.

Related directives

NOTE: If the word "harmonized" (marked in green) is not found in the field with the name of the directive, it means that the European standard is not cited in the OJEU.