Category

EU: The Cyber Resilience Act (CRA) is officially passed

Created:2024-10-21 Officially published at:2024-10-10

On October 10, 2024, the European Union passed the Cyber Resilience Act (CRA) to strengthen the cybersecurity of connected devices. The Cyber Resilience Act sets out mandatory security requirements for digital products manufactured, imported, or sold within the EU, ensuring that these devices remain consistent throughout their lifecycle.

Key points of the bill:

  • Security requirements: Manufacturers must ensure that their products comply with cybersecurity standards and remain secure throughout their lifecycle;
  • CE marking: Connected products must bear the CE mark, proving that they meet cybersecurity standards;
  • Reporting requirements: Vulnerabilities and cyber incidents must be reported within 24 hours; and submit a detailed report to the European Cybersecurity Agency (ENISA) within 72 hours;
  • Updates and support: Manufacturers are obligated to provide free security updates for the expected life of the product.

The Cyber Resilience Act will be implemented from December 11, 2027, while reporting requirements will apply from September 11, 2026.

Click this link to view the original CRA Act passed on October 10, 2024, click this link to check out the EU's press releaseof this approval.