Cyber Resilience Act increases cybersecurity standards for products containing digital components, requiring manufacturers and traders to ensure cybersecurity throughout the lifecycle of their products.
From baby monitors to smartwatches, products and software with digital components are ubiquitous in our daily lives. Less obvious to many users are the security risks that these products and software may pose.
The Cyber Resilience Act (CRA) aims to protect consumers and businesses buying software or hardware with digital components. The CRA addresses the insufficient level of cybersecurity of many products and the lack of timely security updates. It also addresses the challenges faced by consumers and businesses in determining which products are cyber-secure and how to place them safely. The new requirements will make it easier to take cybersecurity into account when choosing and using products with digital elements, making it easier to identify hardware and software products with satisfactory security features.
The CRA introduces mandatory cybersecurity requirements that manufacturers and dealers must comply with when planning, designing, developing and maintaining products. These obligations apply at every stage of the value chain. The act also requires manufacturers to provide support throughout the lifecycle of their products. Some critical products of particular importance for cybersecurity will have to undergo a third-party assessment by an authorised body before being sold on the EU market.
The Regulation applies to all products that are directly or indirectly connected to other devices or network, except for certain exceptions such as certain open source software or service products that are already regulated by existing regulations, such as medical devices, aviation and cars. The products will bear the CE marking to indicate their compliance with the CRA requirements. The new rules shift the responsibility to manufacturers, who must ensure that their products with digital elements meet cybersecurity standards for the EU market, allowing customers to make more informed choices and trust CE-marked products.
Cyber Resilience Act entered into force on 10 December 2024.
English 
Croatian 
Italian 