EU publishes key guidance for implementing the Cyber Resilience Act (CRA): how it will affect manufacturers and users
The European Commission has published a new FAQ guide to clarify the implementation of the Cyber Resilience Act (CRA), the regulation that, for the first time, introduces mandatory cybersecurity requirements for all products with digital elements marketed in the European Union. The aim is to ensure that both hardware and software entering the European market incorporate security measures from the design stage and throughout their life cycle.
Regulation (EU) 2024/2847, in force since this year, establishes a horizontal framework that affects both end products and independently distributed components. With it, the EU seeks to strengthen the digital resilience of the internal market and provide end users, both individuals and companies, with greater transparency and information on the cybersecurity of the products they purchase.
The new FAQ published by Brussels clarifies key aspects such as when the obligations apply, who must comply with them and what responsibilities manufacturers have, especially in relation to secure design, vulnerability management and the provision of security updates.
With this regulation, the European Union is taking a decisive step to raise the level of protection against cyber threats, in a context of increasing digitization and sophistication of attacks. The Commission has made available to companies and organizations the full FAQ document, which can now be downloaded from its official website.