News & Events

News

European Council Adopts Cyber Resilience Act

November 25, 2024

On the 10th of October 2024, the European Council (Council) adopted Regulation (EU) 2024/2847, introducing horizontal cybersecurity requirements for products with digital elements, also known as the Cyber Resilience Act (CRA). This regulation was published in the Official Journal of the European Union on the 20th of November 2024 and is set to enter into force in December 2024. This Regulation shall apply from 11 December 2027. However, Article 14 shall apply from 11 September 2026 and Chapter IV (Articles 35 to 51) shall apply from 11 June 2026.

The CRA applies to manufacturers, distributors, and importers, mandating enhanced cybersecurity standards for products with digital elements. These include a wide range of devices such as smartphones, laptops, password managers, and smart home products with security functionalities (e.g., smart door locks, security cameras, or baby monitoring systems). Any product directly or indirectly connected to a network or other devices falls under this regulation. The CRA aims to mitigate hardware and software vulnerabilities throughout a product’s lifecycle, ensuring safer products are placed on the EU internal market.

Under the CRA, existing CE marking on hardware and software will also signify compliance with the regulation. This allows consumers to make informed purchasing decisions by identifying products that meet the enhanced cybersecurity standards.

Products are categorized based on their cybersecurity risk level—classified as either “important” or “critical.” However, all products, regardless of classification, must comply with the CRA. Responsibility for ensuring compliance lies with manufacturers, distributors, and importers.

The primary objective of the CRA is to bolster cybersecurity across the EU by addressing vulnerabilities in products with digital elements. Cybersecurity threats pose significant risks to consumers, but the regulation also emphasizes the role of users in maintaining security. Consumers are encouraged to report vulnerabilities and understand the significance of CE marking, which assures compliance with the CRA.

By introducing mandatory cybersecurity requirements, the CRA aims to phase out inadequate security features in products. These protections will extend throughout the product lifecycle, establishing a robust framework for cybersecurity and ensuring safer digital ecosystems for EU citizens.

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.