On January 15, 2026, the European Telecommunications Standards Institute (ETSI) published the following draft standards for the Cyber Resilience Act:

• EN 304 617 – Cybersecurity requirements for Browsers
• EN 304 618 – Cybersecurity requirements for password managers
• EN 304 619 – Cybersecurity requirements for software that searches for, removes, or quarantines malicious software
• EN 304 620 – Cybersecurity requirements for Virtual Private Networks (VPNs)
• EN 304 621 – Cybersecurity requirements for Network Management Systems (NMSs)
• EN 304 622 – Cybersecurity requirements for Security Information and event management (SIEM)
• EN 304 623 – Cybersecurity requirements for boot managers
• EN 304 624 – Essential cybersecurity requirements for Public Key Infrastructure and digital certificate issuance software
• EN 304 625 – Cybersecurity requirements for physical and virtual network interfaces
• EN 304 626 – Cybersecurity requirements for Operating Systems (OS)
• EN 304 627 – Essential cybersecurity requirements for routers, modems intended for the connection to the internet, and switches
• EN 304 635 – Cybersecurity requirements for Virtualisation Execution Stack (VES) and Container Execution Stack (CES), including hypervisors and container runtime systems
• EN 304 636 – Cybersecurity requirements for firewalls, intrusion detection and/or prevention systems

Click on this link to view the above draft standards. The link also includes a public consultation guide and a feedback form.