Automating the conformity assessment of Cyber-Physical Systems software

The reduced and simplified EU legal texts and standards scheme.

Abstract

Cyber-physical systems (CPSs) are tools used by humans to enhance the way they perform tasks. CPSs make tasks more efficient, more precise, and safer. Those systems are omnipresent in human lives, e.g., in cars with Advanced Driver Assistance Systems (ADAS), in Unmanned Aerial Vehicles (UAVs) for self-balancing, or even in medical devices. CPSs can read information from the real world, process it, and act on the real world in turn, under constraints such as real-time processing. Furthermore, the safety and security of the software controlling the CPS are directly linked with the safety and security of human bystanders. The European Union (EU) has a process to assess the conformity of specific products exchanged within the EU to ensure the safety of its citizens. Recently, regulations and directives such as the Cyber Resilience Act (CRA) pressed European actors to provide compliant software products. Requirements on software started with the Medical Device Regulation (MDR) in 2017. However, technical requirements are challenging to understand from legal texts, and certification processes rely solely on manufacturer documentation. On the one hand, the EU has difficulty monitoring and opening the European market to products deemed compliant. On the other hand, manufacturers have difficulty understanding what is technically required of them when introducing products. This thesis aims to reconcile both parties.

Publication
33rd ACM International Conference on the Foundations of Software Engineering (FSE Companion '25)
Guillaume Nguyen
PhD Student