---
title: "Recital 13"
url: "https://prighter.com/resources/laws/cybersecurity-act/recitals/recital-13"
type: "recital"
date: "2025-05-21T12:45:20.693Z"
---

# Recital 13

Undertakings, organisations and the public sector should configure the ICT products, ICT services or ICT processes designed by them in a way that ensures a higher level of security which should enable the first user to receive a default configuration with the most secure settings possible (‘security by default’), thereby reducing the burden on users of having to configure an ICT product, ICT service or ICT process appropriately. Security by default should not require extensive configuration or specific technical understanding or non-intuitive behaviour on the part of the user, and should work easily and reliably when implemented. If, on a case-by-case basis, a risk and usability analysis leads to the conclusion that such a setting by default is not feasible, users should be prompted to opt for the most secure setting.

## Sitemap

- Site map (Markdown): https://prighter.com/sitemap.md
- LLMs index: https://prighter.com/llms.txt
