Finland proposes national rules to implement EU Cyber Resilience Act

The Finnish Government has proposed national legislation supplementing the Cyber Resilience Act, which introduces cybersecurity requirements for connected products and software placed on the EU market.

The new rules are scheduled to enter into force on 1 June 2026, with phased implementation linked to the Cyber Resilience Act’s transition periods during 2026 and 2027.

Under the proposal, Finland would create a new national act covering supervision of cybersecurity obligations for products with digital elements, oversight of conformity assessment bodies, administrative sanctions, and national provisions related to EU cybersecurity certification schemes.

The Finnish Transport and Communications Agency, known as Traficom, would become the main authority responsible for market surveillance under the Cyber Resilience Act and for supervising notified conformity assessment bodies.

At the same time, supervision of high-risk AI systems would remain with authorities responsible for enforcing the Artificial Intelligence Act within their respective sectors.

The proposal also establishes a process for conformity assessment bodies to apply for official notification status from June 2026, allowing them to conduct assessments recognised across EU member states.

Another part of the legislation concerns domain registration data. Finland plans to expand obligations under the NIS2 Directive by adding new rules on collection and disclosure of domain registration information.

The changes would extend beyond Finland’s national .fi and .ax domains to cover cases where registrars or top-level domain registries are located in Finland.

The proposal is notable because it combines several separate EU cybersecurity frameworks into one national implementation structure. Product cybersecurity, AI supervision, certification procedures, and domain registration oversight would all involve overlapping regulatory responsibilities distributed across multiple Finnish authorities.