The Cyber Resilience Act (CRA), a pioneering EU regulation, officially entered into force. This legislation imposes mandatory cybersecurity standards on manufacturers of hardware and software products, ensuring that items with digital components meet strict security criteria before entering the EU market.
Key provisions of the CRA include obligations for manufacturers to provide timely software updates addressing security vulnerabilities and to offer ongoing security support to consumers. Products compliant with these requirements will bear the CE marking, indicating adherence to EU cybersecurity standards. While the Act is now in force, the main obligations will become applicable from 11 December 2027, allowing manufacturers time to align with the new regulations.
Henna Virkkunen, European Commission Executive Vice-President, said:
We are committed to making Europe a safe and secure place for our citizens and businesses to operate. This new regulation is a major step forward in ensuring digital products in the EU do not pose cyber risks to EU consumers.
The CRA complements the NIS2 cybersecurity framework, which was implemented last year, and is part of a broader strategy by the EU to bolster cybersecurity in an increasingly digital and connected Europe.
To learn more about how the Cyber Resilience Act enhances the EU’s digital security landscape, click here.