Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect / IR - Infrastructure

EU Regulation 2019/1020 Cyber Resilience Act (CRA)

This document focuses on:

The EU Cyber Resilience Act (CRA) is a regulation aimed at enhancing cybersecurity for hardware and software products with digital elements placed on the EU market. It establishes mandatory cybersecurity requirements that manufacturers must follow throughout a product’s lifecycle, from design and development to post-market support. The CRA addresses two main issues: the low level of cybersecurity in digital products and the lack of user information to make secure choices. It requires secure-by-design practices, regular risk assessments, transparency about vulnerabilities and security updates, and mandates reporting of actively exploited vulnerabilities to authorities within 24 hours. The Act applies broadly to products with digital elements, excluding certain sectors like medical devices and vehicles, and imposes obligations on manufacturers, importers, and distributors to ensure compliance and market surveillance. Its goal is to reduce cyber risks, protect consumers, and increase trust in digital products across the EU internal market.


Publication's URL

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52022PC0454

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *