The Cyber Resilience Act at a glance
New standards for digital security
The Cyber Resilience Act (CRA) is a European regulation that aims to improve the cybersecurity of products with digital elements. It was presented by the European Commission in September 2022 and is part of the EU strategy to strengthen cybersecurity. The CRA focuses on setting minimum cybersecurity requirements for products marketed in the EU to minimize security vulnerabilities and counter cyber threats.
Objectives of the Cyber Resilience Act
1. Improving Product Security: Products with digital elements should be more secure, both during development and during their use. This applies to hardware, software and all devices that are connected online.
2. Minimizing Cyber Risks: The regulation aims to ensure that vulnerabilities in products are minimized to make attacks such as hacking or data theft more difficult.
3. Increasing Consumer Confidence: If products are made more secure by the CRA, consumer and company confidence in digital technologies will increase.
4. Clearer Responsibilities: Manufacturers and vendors must ensure that their products are secure and meet certain cybersecurity standards. The CRA makes them liable for security gaps and deficiencies.
Key provisions of the CRA
• Cybersecurity requirements: Manufacturers of products with digital elements must implement cybersecurity measures throughout a product’s lifecycle, such as providing regular security updates and closing security vulnerabilities.
• Reporting obligations: Companies must report significant vulnerabilities and incidents to the relevant authorities. This creates more transparency about security problems and enables better coordination when responding to cyber attacks.
• Responsibility of manufacturers: The CRA requires manufacturers to carry out security tests and assessments of their products before they are placed on the market.
• Penalties and sanctions: Failure to comply with the CRA could result in significant fines of up to €15 million or 2.5% of a company’s annual global turnover.
Implications
1. For Companies: Manufacturers and importers of digital products will need to revise their cybersecurity processes to comply with the new requirements. This may lead to higher costs, but will improve the quality and security of products in the long term.
2. For Consumers: The CRA provides greater protection against cyber-attacks and increases confidence in digital products available on the market.
The CRA is an important part of the EU’s efforts to strengthen digital sovereignty and combat cyber threats, which are becoming more important as our world grows increasingly interconnected.