The Cyber Resilience Act (CRA) entered into force on 10 December 2024. This new regulation will apply directly across EU member states from 11 December 2027, without requiring transposition into national law.
The requirement for manufacturers to notify severe incidents and actively exploited vulnerabilities will apply earlier, from 11 September 2026.
The CRA establishes baseline cybersecurity requirements for products with digital elements (hardware and software) applicable from the design phase to the product’s expected use.
Products that do not comply with the requirements introduced by the regulation will be prohibited from accessing the EU market.
Cullen International published an infographic providing an overview of the main obligations introduced by the CRA.
Clients of our European Digital Economy service, can also access it directly on our client portal via the following link:
more news
17 September 25
Sustainability targets of car manufacturers
Our latest benchmark summarises the sustainability targets put in place by the major car manufacturers.
16 September 25
Italy is the only country where hybrid mail falls within the postal universal service
Cullen International's new benchmark shows the availability and regulation of hybrid mail services in 21 European countries. Hybrid mail combines physical and digital delivery, either by printing digital mail for postal dispatch or by scanning physical letters and delivering them digitally.
11 September 25
EU initiatives to foster satellite connectivity
Our new Tracker covers the Commission’s flagship initiatives in relation to satellite infrastructure, satellite spectrum and new converged services like direct-to-device (D2D). It also covers the EU’s preparations for the World Radiocommunication Conference 2027 (WRC-27), where satellite is on the agenda.