The Cyber Resilience Act (CRA) contains strict cybersecurity requirements for products with digital elements. The regulation was adopted at the end of 2024 and will be directly applicable in all EU member states from 2027. Detailed information on the requirements under the CRA can be found here. For an efficient implementation of the CRA, companies are in need of a holistic concept for cybersecurity compliance.
The CRA applies to all products with digital elements on the European market and classifies them into risk categories. However, a few product types are exempt from the CRA. Check now if your products are affected with our Quick-Check!
The CRA focuses on the manufacturers of products with digital elements. They must ensure that their products meet the requirements of the regulation. However, there are also obligations for distributors and importers. Companies must therefore determine the role in which they operate on the market.
The CRA requires manufacturers of products with digital elements to meet certain requirements for cybersecurity and vulnerability management. Security updates must be provided free of charge. For distributors and importers, graded obligations apply.
Both the legal situation and products with digital elements are subject to change, which may be accompanied by changing requirements. Companies must therefore continuously monitor both the legal situation and product development and respond to relevant changes.
The CRA contains requirements for the cybersecurity of products with digital elements that are placed on the European market. You can use our free Quick-Check to assess whether your products are affected.
100% expertise. 0% nonsense. We have extensive experience in cybersecurity compliance management and combine consulting practice and research in cybersecurity law. Our advice is: Smart. Efficient. Spot-on.