The proposal for a regulation on horizontal cybersecurity requirements for hardware and software, known as the EU Cyber Resilience Act (CRA), would introduce common cybersecurity requirements to apply throughout the expected lifecycle of devices.
At present, there are no general cybersecurity requirements at EU level applying to all devices with digital elements. The existing cybersecurity rules apply specifically to certain products or sectors (e.g. the EU Cybersecurity Act, ECA).
The draft regulation covers a wide range of hardware and software. It applies the same cybersecurity requirements to all devices but adapts the way of assessing conformity to their risk level.
The draft CRA mainly targets manufacturers, imposing cybersecurity requirements on them in relation to the design of devices with digital elements. After the devices have been placed on the EU market, manufacturers would have to exercise a duty of care for at least five years.
Devices which do not comply with the requirements introduced by the draft regulation would be prohibited from accessing the EU market.
Our new cheat sheet provides an overview of the obligations introduced by the draft CRA and can be downloaded hereunder:
Clients of our European Digital Economy service can also access it directly on our client portal via the following link: