The proposal for a regulation on horizontal cybersecurity requirements for hardware and software, known as the EU Cyber Resilience Act (CRA), would introduce common cybersecurity requirements to apply throughout the expected lifecycle of devices.
At present, there are no general cybersecurity requirements at EU level applying to all devices with digital elements. The existing cybersecurity rules apply specifically to certain products or sectors (e.g. the EU Cybersecurity Act, ECA).
The draft regulation covers a wide range of hardware and software. It applies the same cybersecurity requirements to all devices but adapts the way of assessing conformity to their risk level.
The draft CRA targets mainly manufacturers by imposing on them cybersecurity requirements in relation to the design of devices with digital elements. After the devices have been placed in the EU market, manufacturers would have to exercise a duty of care for at least five years.
Devices which do not comply with the requirements introduced by the draft regulation would be prohibited from accessing the EU market.
Our new cheat sheet provides an overview of the obligations introduced by the draft CRA and can be downloaded hereunder:
(Updated 13 December 2024)
Clients of our European Digital Economy service, can also access it directly on our client portal via the following link:
more news
17 April 25
Four-fifths of European mobile operators partially or completely sold their towers
Our latest benchmark analyses the business models adopted in 23 European countries, whether tower companies are registered under the general authorisation regime and if governments adopted specific legislation to stop foreign takeover of tower companies.
16 April 25
10 latest national developments in European telecoms regulation
Significant regulatory developments have recently taken place across Europe, particularly in the areas of fixed wholesale regulation and spectrum policy.
14 April 25
[INFOGRAPHIC] EU AI Act timeline
Our timeline outlines the milestones in the implementation of the Artificial Intelligence Act (AI Act) until August 2027.