CRA

The Cyber ​​Resilience Act (CRA) is a new European regulation that aims to improve the cyber resilience of products with digital elements placed on the EU market. Adopted on March 12, 2024, the CRA enters into force 20 days after its publication in the Official Journal of the European Union, and no later than 20 days after June 27, 2024. Most of the provisions of the CRA will be applicable 36 months after the entry into force of the regulation.

Objectives of CRA

The CRA has four main objectives:

  • Improve product security with digital elements: The CRA prescribes minimum security requirements for products with digital elements, such as smartphones, computers and software.
  • Increase transparency: Manufacturers are obliged to provide information on the safety characteristics of their products with digital elements to customers and supervisory authorities.
  • Facilitate the procedure for supervisory authorities: The CRA establishes a framework for cooperation between national supervisory authorities to facilitate the supervision of products with digital elements.
  • Encourage innovation: The CRA encourages innovation in cyber security by creating a predictable and proportionate regulatory framework.

Who is the CRA intended for:

The CRA applies to manufacturers and distributors of products with digital elements placed on the EU market. Products with digital elements are those that contain software or have the ability to connect to the Internet.

Key provisions of the CRA

The CRA introduces a number of key provisions to improve the security of products with digital elements, including:

  • Requirements for security management: Manufacturers must establish and maintain a safety management process for products with digital elements.
  • Risk evaluation: Manufacturers must assess the security risks of their products with digital elements.
  • Risk mitigation measures: Manufacturers must implement appropriate risk mitigation measures for their products with digital elements.
  • Procedure for notification of security flaws: Manufacturers must notify regulatory authorities and customers of security flaws in their products with digital elements.
  • Market surveillance: Supervisory authorities are responsible for monitoring the implementation of the CRA by manufacturers and distributors.

Importance of CRA

CRA is a significant step forward in improving the cyber resilience of products with digital elements.
Regulation will help protect consumers from harmful software, hacker attacks and other cyber threats. The CRA will also help create a more trusted digital marketplace and drive innovation in cybersecurity.

Conclusion

CRA is a comprehensive framework for improving the cyber resilience of products with digital elements. Regulation will help protect consumers, encourage innovation and create a more reliable digital marketplace.

Additional information

https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act

Contact us

Name and surname*
This field is for validation purposes and should be left unchanged.

or call us

+385 1 3079 340 (landline)
+385 91 4846 725 (cellphone)