EU CRA

EU Cyber Resilience Act (CRA) Overview——Aside from the RED

/in

EU Cyber Resilience Act (CRA) Overview

The Cyber Resilience Act (CRA), introduced by the EU in 2022 and adopted in October 2024, aims to ensure the cybersecurity of connected products. It mandates rigorous cybersecurity standards across digital products, specifically targeting devices and software that connect to the internet. CRA emphasizes product security throughout its lifecycle to mitigate cybersecurity threats and vulnerabilities.

Key Milestones:

  • September 2022: Initial draft introduced by the European Commission.
  • October 2024: EU Council adopts the act, setting new safety requirements.
  • November 2024: Expected to be published in the Official Journal of the EU, with enforcement beginning after 20 days and a 36-month compliance period for companies.

Core Requirements:

  1. Secure by Design: Products must incorporate security features from design to production stages.
  2. Ongoing Updates: Networked products must support regular security updates and patching.
  3. Transparency of Information: Manufacturers must provide security-related information, including design, known risks, and update policies.
  4. Regulatory Oversight and Penalties: Non-compliant products may face fines or market removal.

Scope of Products Covered:

CRA covers most internet-connected devices, including:

  • Smart Home Devices: E.g., smart refrigerators, TVs, cameras, and toys.
  • Wearables: Such as smartwatches and health monitors.
  • Everyday IoT Devices: E.g., smart bulbs, connected outlets, and home security systems.
  • Industrial IoT Devices: E.g., monitoring systems and automated equipment in factories.

Excluded Products:

Certain categories are exempt due to existing regulations:

  • Medical Devices: Covered by stringent healthcare laws.
  • Aviation Equipment: Governed by aviation regulations.
  • Automobiles: Secured under EU vehicle safety laws.
  • Open-source Software: Exempt when used non-commercially.

CRA’s Vision:

CRA aims to act as a digital safety wall in the EU, enhancing the security of every connected product. For companies, it presents not only a compliance challenge but also an opportunity to boost product credibility and competitiveness.

For further inquiries or assistance with CRA compliance, feel free to contact THE ONE Cybersecurity Lab. We’re dedicated to helping your products meet the latest cybersecurity standards.