Understanding the Impact of the New EU Cyber Resilience Act

Join experts from the European Commission, NIST, standardization organizations, and industry as they discuss the impacts of the recently adopted European Cyber Resilience Act (CRA) on areas such as IoT security, consumer protection, standards, certification, supply chains, and competition!

The European Cyber Resilience Act (CRA) aims at improving the cybersecurity of hardware and software products. The act seeks to address two major problems: the low level of cybersecurity in many products and the insufficient understanding and access to information by users. Four specific objectives have been identified, including ensuring manufacturers improve the security of products with digital elements from the design and development phase and throughout the product’s life cycle, creating a coherent cybersecurity framework for hardware and software producers, enhancing the transparency of security properties of products with digital elements, and enabling businesses and consumers to use products with digital elements securely.

The CRA seeks to harmonize the Union regulatory landscape by introducing cybersecurity requirements for products with digital elements, ensuring certainty for operators and users across the Union and better harmonization of the single market.

Manufacturers must ensure that all connectable products with digital elements are designed and developed in accordance with essential requirements laid down in the regulation, including consumer products with digital elements intended for vulnerable consumers, such as toys and baby monitors.