The proposal for a regulation on horizontal cybersecurity requirements for hardware and software, known as the EU Cyber Resilience Act (CRA), would introduce common cybersecurity requirements to apply throughout the expected lifecycle of devices.
At present, there are no general cybersecurity requirements at EU level applying to all devices with digital elements. The existing cybersecurity rules apply specifically to certain products or sectors (e.g. the EU Cybersecurity Act, ECA).
The draft regulation covers a wide range of hardware and software. It applies the same cybersecurity requirements to all devices but adapts the way of assessing conformity to their risk level.
The draft CRA targets mainly manufacturers by imposing on them cybersecurity requirements in relation to the design of devices with digital elements. After the devices have been placed in the EU market, manufacturers would have to exercise a duty of care for at least five years.
Devices which do not comply with the requirements introduced by the draft regulation would be prohibited from accessing the EU market.
Our new cheat sheet provides an overview of the obligations introduced by the draft CRA and can be downloaded hereunder:
(Updated 13 December 2024)
Clients of our European Digital Economy service, can also access it directly on our client portal via the following link:
more news
27 March 25
Many MENA countries taking steps to switch off 2G and 3G networks
Our latest benchmark on 2G and 3G networks switch-off shows the status in 13 MENA countries.
26 March 25
Fast payment schemes are becoming increasingly common in the Americas
Our latest benchmark covers digital payment initiatives in selected countries in the Americas, as well as efforts to promote open banking, interoperability and prevent financial scams.
25 March 25
Affordability of universal telecoms service in Europe – spotlight on Croatia
Cullen International’s benchmark on affordability of universal service in telecoms now covers 14 European countries, including Croatia.