The proposal for a regulation on horizontal cybersecurity requirements for hardware and software, known as the EU Cyber Resilience Act (CRA), would introduce common cybersecurity requirements to apply throughout the expected lifecycle of devices.
At present, there are no general cybersecurity requirements at EU level applying to all devices with digital elements. The existing cybersecurity rules apply specifically to certain products or sectors (e.g. the EU Cybersecurity Act, ECA).
The draft regulation covers a wide range of hardware and software. It applies the same cybersecurity requirements to all devices but adapts the way of assessing conformity to their risk level.
The draft CRA targets mainly manufacturers by imposing on them cybersecurity requirements in relation to the design of devices with digital elements. After the devices have been placed in the EU market, manufacturers would have to exercise a duty of care for at least five years.
Devices which do not comply with the requirements introduced by the draft regulation would be prohibited from accessing the EU market.
Our new cheat sheet provides an overview of the obligations introduced by the draft CRA and can be downloaded hereunder:
(Updated 13 December 2024)
Clients of our European Digital Economy service, can also access it directly on our client portal via the following link:
more news
04 July 25
Online intermediaries in the Americas are protected against liability for third-party copyright infringements
Cullen International’s latest benchmark shows that most countries in the Americas limit the liability of online intermediaries for third-party copyright infringements, reflecting digital-era updates to copyright laws. The research also examines liability rules for defamation and other IP violations, as well as varying takedown obligations across jurisdictions. Some countries have introduced specific measures to address the unconsented sharing of intimate content.
30 June 25
LTE and 5G in the 410–430 MHz and 450–470 MHz bands in Europe
Our latest European benchmark shows the countries where the 410–430 MHz or 450–470 MHz bands can be used for LTE or 5G.
27 June 25
Can European end users choose their own router or modem?
Our new benchmark research shows that national regulators clearly defined the network termination point in five of the 14 European countries studied.