The Cyber Resilience Act (CRA), introduced under Regulation (EU) 2024/2847, represents a significant step in strengthening cybersecurity across all products with digital elements in the European Union. This landmark legislation sets comprehensive security requirements for manufacturers, distributors, and importers, aiming to protect both businesses and consumers from the increasing threat of cyberattacks.
The CRA covers a wide range of digital products, including connected devices, software applications, and critical network tools. It mandates the following requirements:
- Products must be designed with security in mind, ensuring their protection throughout their lifecycle.
- Manufacturers must clearly communicate cybersecurity risks and the timelines for security updates.
- Manufacturers must address vulnerabilities in a timely manner, providing updates and communicating with users to ensure their safety.
By establishing a unified regulatory framework across EU member states, the CRA reduces legal inconsistencies and simplifies compliance for businesses, while improving the overall security of digital ecosystems.
The CRA establishes specific timelines to help manufacturers transition smoothly:
- Entry into Force: November 20, 2024, following its publication in the EU Official Journal.
- Application Date: Full implementation of the CRA provisions will be required 24 months after the entry into force (November 20, 2026).
- Transitional Period for CE Marking: Products already on the market before the application date can continue to be sold until December 31, 2027, as long as they meet the minimum cybersecurity standards.
Manufacturers are encouraged to use this transitional period to align their products and processes with the new requirements, including necessary documentation and conformity assessments.
The CRA is a crucial step toward building a secure and resilient digital future in the EU, paving the way for safer digital environments across industries.
For full details, consult this link: Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) No 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act) (Text with EEA relevance)
Eleos Compliance offer international RF, EMC, Safety and Green type approval services for radiocommunications products. Eleos Compliance are a sustainable, values-based business combining extensive experience in the wireless homologation sector with outstanding project management. For full support with your global market access requirements or regulatory intelligence needs please contact us at enquiries@eleoscompliance.com
