The proposal for a regulation on horizontal cybersecurity requirements for hardware and software, known as the EU Cyber Resilience Act (CRA), would introduce common cybersecurity requirements to apply throughout the expected lifecycle of devices.
At present, there are no general cybersecurity requirements at EU level applying to all devices with digital elements. The existing cybersecurity rules apply specifically to certain products or sectors (e.g. the EU Cybersecurity Act, ECA).
The draft regulation covers a wide range of hardware and software. It applies the same cybersecurity requirements to all devices but adapts the way of assessing conformity to their risk level.
The draft CRA targets mainly manufacturers by imposing on them cybersecurity requirements in relation to the design of devices with digital elements. After the devices have been placed in the EU market, manufacturers would have to exercise a duty of care for at least five years.
Devices which do not comply with the requirements introduced by the draft regulation would be prohibited from accessing the EU market.
Our new cheat sheet provides an overview of the obligations introduced by the draft CRA and can be downloaded hereunder:
(Updated 13 December 2024)
Clients of our European Digital Economy service, can also access it directly on our client portal via the following link:
more news
30 June 26
Transposition status of key EU environmental directives
Our latest benchmark contains summary information on the transposition status of six key EU environmental directives.
18 June 26
[INFOGRAPHIC] Cullen Cheat Sheet: M&A wave in Latin America’s telecoms sector
This Cullen International infographic highlights the key M&A transactions in the LATAM telecoms market in the last few years.
15 June 26
Global trends in regulating cross-border personal data transfers
Our latest Global Trends benchmark compares key aspects of the regulation of cross-border personal data transfers across 14 jurisdictions worldwide.