The Cyber Resilience Act (CRA) entered into force on 10 December 2024. This new regulation will apply directly across EU member states from 11 December 2027, without requiring transposition into national law.
The requirement for manufacturers to notify severe incidents and actively exploited vulnerabilities will apply earlier, from 11 September 2026.
The CRA establishes baseline cybersecurity requirements for products with digital elements (hardware and software) applicable from the design phase to the product’s expected use.
Products that do not comply with the requirements introduced by the regulation will be prohibited from accessing the EU market.
Cullen International published an infographic providing an overview of the main obligations introduced by the CRA.
Clients of our European Digital Economy service, can also access it directly on our client portal via the following link:
more news
01 September 25
Regulating submarine cable infrastructure
Our new Global Trends benchmark analyses key aspects of policies and regulations on submarine cable infrastructure in the telecoms sector. The research covers 16 jurisdictions around the world: Australia, Brazil, China, Egypt, the EU, India, Indonesia, Japan, Kenya, Korea, Nigeria, Peru, Singapore, South Africa, the UK, and the US.
27 August 25
5G developments and other regulatory news in the Middle East and North Africa
Our latest MENA Telecoms Update details the most significant regulatory developments taking place in the region between 30 April and 11 August 2025.
14 August 25
Fighting online piracy in Brazil
The latest edition of Cullen International's Fighting Online Piracy benchmark shows that Brazil’s audiovisual sector regulator Ancine and its telecoms regulator Anatel have agreed in writing to collaborate in the fight against the online piracy of media content.