Cyber Resilience Act (CRA)

The European Cyber Resilience Act (CRA)

The new European Cyber Resilience Act (CRA) is currently being developed by the EU. The legislative process is still ongoing, with much left to be determined.
How can you prepare for this new legislation? Start by minimizing cyber risks now. We test, inspect, certify and train your organization, helping you improve your organization’s cyber resilience today.

What does the CRA mean for you?

The CRA ensures that digital products must meet strict cybersecurity requirements before being placed on the European market. Both consumers and business users need to trust that digital products - from digital doorbells to accounting software - are secure.

Responsibility lies with the manufacturer. Are you a manufacturer of digital products? You must ensure your products are secure. Additionally, you are required to provide free security updates throughout the product's lifetime and report any digital vulnerabilities or incidents to customers immediately.

What is the difference between the CRA and NIS2?

The CRA is expected to apply to all manufacturers, regardless of the size of your company. This is a broader approach compared to NIS2L (Network and Information Security Directive), which only applies to medium and large companies. Every product with digital elements that you want to bring to market in the EU will need to comply with this.