Article 10 Enhancing skills in a cyber resilient digital environment

The effectiveness of the implementation of this Regulation will also depend on the availability of adequate cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; skills. At Union level, various programmatic and political documents, including the Commission communication of 18 April 2023 on Closing the cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; talent gap to boost the EU’s competitiveness, growth and resilience and the Council Conclusions of 22 May 2023 on the EU Policy on Cyber Defence acknowledged the cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; skills gap in the Union and the need to address such challenges as a matter of priority, in both the public and private sectors. With a view to ensuring an effective implementation of this Regulation, Member States should ensure that adequate resources are available for the appropriate staffing of the market surveillance authoritiesmeans a market surveillance authority as defined in Article 3, point (4), of Regulation (EU) 2019/1020; and conformity assessment bodiesmeans a conformity assessment body as defined in Article 2, point (13), of Regulation (EC) No 765/2008; to perform their tasks as laid down in this Regulation. Those measures should enhance workforce mobility in the cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; field and their associated career pathways. They should also contribute to making the cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; workforce more resilient and inclusive, also in terms of gender. Member States should therefore take measures to ensure that those tasks are carried out by adequately trained professionals, with the necessary cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; skills. Similarly, manufacturersmeans a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; should ensure that their staff has the necessary skills to comply with their obligations as laid down in this Regulation. Member States and the Commission, in line with their prerogatives and competences and the specific tasks conferred upon them by this Regulation, should take measures to support manufacturersmeans a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; and in particular microenterprises, ‘small enterprises’ and ‘medium-sized enterprises’ mean, respectively, microenterprises, small enterprises and medium-sized enterprises as defined in the Annex to Recommendation 2003/361/EC; and small and medium-sized enterprises, including start-ups, also in areas such as skill development, for the purposes of compliance with their obligations as laid down in this Regulation. Furthermore, as Directive (EU) 2022/2555 requires Member States to adopt policies promoting and developing training on cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; and cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; skills as part of their national cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; strategies, Member States may also consider, when adopting such strategies, addressing the cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; skills needs resulting from this Regulation, including those relating to re-skilling and up-skilling.