The recently proposed Cyber Resilience Act (CRA) by the European Commission is set to revolutionize the way businesses approach cybersecurity. The CRA is not just another set of regulations; it’s a strategic move to enhance the security of digital products across the EU. Covering everything from baby monitors to smartwatches, this legislation requires manufacturers and retailers to meet cybersecurity requirements throughout a product’s lifecycle, creating a safer and more resilient digital ecosystem.
On the 1st of December, the European Parliament and the Council agreed on it, and it is expected to enter into force in 2024, after a two-year transition period for most of the provisions. The CRA is a disruptive and ambitious piece of legislation that will have a significant impact on the EU market and beyond, and will require the involvement and cooperation of all relevant stakeholders, from manufacturers and retailers to consumers and users, to ensure its successful implementation and enforcement.
Key Objectives of the CRA:
Elevating Cybersecurity Standards: The CRA introduces mandatory cybersecurity requirements, ensuring secure development, regular security updates, and effective vulnerability management. This will necessitate investments in cybersecurity capabilities and processes, aligning your business with the changing regulatory landscape.
Transparency and Accountability: A common EU cybersecurity certification scheme will be established, using CE marking to indicate compliance. This not only streamlines the certification process but also reduces administrative burdens and costs, ultimately enhancing your business’s competitiveness in the EU market.
Empowering Consumers and Businesses: By providing clear and accessible information on cybersecurity features, certification levels, and contact details of the manufacturer, businesses empower consumers to make informed choices. This increased transparency not only builds trust but also holds businesses accountable for their products.
The CRA is expected to bring significant benefits to the EU market, such as:
Competitiveness and Innovation: Compliance with the CRA creates a level playing field, reducing fragmentation and compliance costs. This fosters customer trust, enhancing the competitiveness and innovation of the EU industry.
Security and Resilience: A harmonized and secure digital ecosystem reduces the exposure and impact of cyberattacks, strengthening the protection of personal data and privacy. This aligns with broader EU initiatives, offering a safer space for businesses to thrive.
Global Leadership in Cybersecurity: Businesses contributing to high standards and best practices under the CRA will play a role in establishing the EU’s strategic autonomy and global leadership in cybersecurity. This not only enhances the reputation of your business but also fosters fair competition on a global scale.
The CRA is more than a set of regulations. It’s an opportunity for the market to grow in a secure, competitive, and innovative environment. We encourage you to get familiar with the changes brought by the CRA, ensuring your business not only complies with regulations but also positions itself as a leader in the dynamic world of cybersecurity.
The CRA is part of the EU’s 2020 Cybersecurity Strategy, which seeks to enhance the EU’s collective resilience against cyber threats and ensure that all citizens and businesses can fully benefit from trustworthy and reliable services and digital tools. The CRA is also aligned with the NIS2 Framework, which sets out rules for the security of network and information systems in the EU.