The Cyber Resilience Act (CRA) entered into force on 10 December 2024. This new regulation will apply directly across EU member states from 11 December 2027, without requiring transposition into national law.
The requirement for manufacturers to notify severe incidents and actively exploited vulnerabilities will apply earlier, from 11 September 2026.
The CRA establishes baseline cybersecurity requirements for products with digital elements (hardware and software) applicable from the design phase to the product’s expected use.
Products that do not comply with the requirements introduced by the regulation will be prohibited from accessing the EU market.
Cullen International published an infographic providing an overview of the main obligations introduced by the CRA.
Clients of our European Digital Economy service, can also access it directly on our client portal via the following link:
more news
18 June 26
[INFOGRAPHIC] Cullen Cheat Sheet: M&A wave in Latin America’s telecoms sector
This Cullen International infographic highlights the key M&A transactions in the LATAM telecoms market in the last few years.
15 June 26
Global trends in regulating cross-border personal data transfers
Our latest Global Trends benchmark compares key aspects of the regulation of cross-border personal data transfers across 14 jurisdictions worldwide.
12 June 26
Status of national AI laws across Europe
Our new benchmark tracks national laws implementing the AI Act, looking into the procedure for adoption and the core provisions.