Brussels, |
|
DIGITAL EUROPE
Cyber Resilience Act
The Cyber Resilience Act (CRA) Regulation has been in force since December 2024
The Cyber Resilience Act enhances cybersecurity standards for any hardware or software (i.e., products with a digital component) that can connect—directly or indirectly—to another device or network. It entered into force on 10 December 2024, with its main obligations applying from 11 December 2027. This law places mandatory cybersecurity requirements on manufacturers and retailers at every stage of the product lifecycle, aiming to make all connected products—from baby monitors to smart watches—safer.
Key Objectives
|
Integration with Broader EU Cybersecurity Efforts
Future Outlook (2024–2029 Commission Mandate)
By enforcing rigorous cybersecurity standards and sharing responsibility among manufacturers, retailers, and regulators, the Cyber Resilience Act helps build trust in the connected devices that are integral to modern life.
- EU Cyber Security Strategy: The CRA builds on the EU Cyber Security Strategy to protect both essential services (hospitals, energy grids, railways) and the increasing number of connected devices in homes and workplaces.
- EU Security Union Strategy: Complements the EU Security Union Strategy, aiming to safeguard Europe’s digital transformation.
- NIS2 Directive: The CRA operates alongside the NIS2 Directive, which sets broader cybersecurity requirements for critical infrastructure and essential services.
- European Union Agency for Cybersecurity (ENISA): The ENISA agency works to achieve a high common level of cybersecurity across Europe.
- CRA Expert Group: The upcoming Cyber Resilience Act Expert Group will assist and advise the European Commission on CRA implementation details.
Future Outlook (2024–2029 Commission Mandate)
- Enforcement of EU Digital Laws: Ensuring manufacturers and retailers comply with the new cybersecurity standards remains a high priority.
- Cybersecurity in Healthcare: The European Commission will propose a European action plan on the cybersecurity of hospitals and healthcare providers, to better protect Europe’s healthcare systems from cyber threats.
By enforcing rigorous cybersecurity standards and sharing responsibility among manufacturers, retailers, and regulators, the Cyber Resilience Act helps build trust in the connected devices that are integral to modern life.