The EU Cyber Resilience Act (CRA) is a regulation aimed at enhancing cybersecurity for hardware and software products with digital elements placed on the EU market. It establishes mandatory cybersecurity requirements that manufacturers must follow throughout a product’s lifecycle, from design and development to post-market support. The CRA addresses two main issues: the low level of cybersecurity in digital products and the lack of information users need to make secure choices. It requires secure-by-design practices, regular risk assessments, and transparency about vulnerabilities and security updates, and it mandates reporting of actively exploited vulnerabilities to authorities within 24 hours. The Act applies broadly to products with digital elements, excluding certain sectors like medical devices and vehicles, and imposes obligations on manufacturers, importers, and distributors to ensure compliance and market surveillance. Its goal is to reduce cyber risks, protect consumers, and increase trust in digital products across the EU internal market.
Publication's URL
URL: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52022PC0454
Publication's scorecard
Country: EU
Scope: Cyber
Typology: Regulation
Publication's date: October 23, 2024
Category: AppSec & SoFaSec, Infrastructure
Sector: Cross-Sector
Rating: