On 10 October 2024, the European Council officially adopted the Cyber Resilience Act, a new regulation aimed at bolstering cybersecurity across the EU by introducing stringent security requirements for digital products and ensuring that smart devices are secure throughout their lifecycle.
What does it mean?
In an era where digital products are ubiquitous, from smart home devices to industrial control systems, the need for robust cybersecurity measures has never been more critical. The CRA addresses this need by setting EU-wide cybersecurity standards for the design, development, production, and market availability of hardware and software products. This comprehensive approach aims to mitigate the risks associated with cyber threats which have been escalating in both frequency and sophistication.
In particular, the CRA mandates that all products which are connected either directly or indirectly to another device or to a network (with some exceptions) comply with specific cybersecurity standards from the design phase through to their end-of-life. Manufacturers will also be required to conduct thorough cybersecurity risk assessments, issue declarations of conformity, and cooperate with authorities to ensure compliance.
Products that meet the CRA’s requirements will bear the familiar CE marking, indicating compliance with the regulation’s standards. For consumers, this will make it easier to identify products which meet the CRA's high cybersecurity standards, thereby helping them to make informed decisions when purchasing digital products.
Next steps and implementation
Following its adoption, the CRA will be signed by the presidents of the Council and the European Parliament and published in the EU’s Official Journal. It will enter into force 20 days after publication and will apply 36 months later, with some provisions taking effect earlier. This phased implementation allows manufacturers and other stakeholders time to adapt to the new requirements.
Final thoughts
The adoption of the CRA marks a significant step forward in the EU’s efforts to create a secure digital environment. By setting high cybersecurity standards for digital products, the EU is not only protecting its citizens but also setting a global benchmark for digital security.
If you're interested in learning more about the CRA and its requirements, contact one of the team who will be happy to help. And if you would like to know about the equivalent UK requirements, see here.