The proposed EU Cyber Resilience Act sets out new cybersecurity-related requirements for products with "digital elements". Read the blog to learn what these security regulations entail.
What is the EU Cyber Resilience Act?
The proposed EU Cyber Resilience Act (CRA), published by the European Commission on 15 September 2022, outlines cybersecurity requirements for products with digital elements. Its main objectives are to enhance the security of connected products and software in the EU market, ensure manufacturers are accountable for cybersecurity throughout a product's life cycle, and provide consumers with clear information regarding the cybersecurity of the products they purchase.
Who is affected by the CRA?
The CRA affects manufacturers, developers, and distributors of products with digital elements, including both hardware and software. It establishes common cybersecurity rules that these parties must follow to ensure compliance and enhance the overall security of products available in the EU market.
What are the compliance requirements under the CRA?
Manufacturers must undergo a self-certification conformity assessment to ensure their products meet essential cybersecurity requirements. Critical products require a more formal assessment by a central EU body. Additionally, manufacturers must provide an EU declaration of conformity, maintain technical documentation, and notify relevant authorities of any vulnerabilities. Distributors and importers must ensure that products comply with these requirements before placing them on the market and report any identified vulnerabilities.