The European Union has published a Directive concerning measures for a high common level of security of network and information systems across the Union. The directive does not impose any new requirements on manufacturers that are not operators of essential services or digital services. Instead, it relies on existing rules on product liability.