The CRA ensures that digital products must meet strict cybersecurity requirements before being placed on the European market. Both consumers and business users need to trust that digital products - from digital doorbells to accounting software - are secure.
Responsibility lies with the manufacturer. Are you a manufacturer of digital products? You must ensure your products are secure. Additionally, you are required to provide free security updates throughout the product's lifetime and report any digital vulnerabilities or incidents to customers immediately.
The CRA is expected to apply to all manufacturers, regardless of the size of your company. This is a broader approach compared to NIS2L (Network and Information Security Directive), which only applies to medium and large companies. Every product with digital elements that you want to bring to market in the EU will need to comply with this.
✓ One-stop-shop: services for OT, IT, and IoT under one roof
✓ Independent, objective assessments
✓ Expertise in laws and regulations
✓ Proven quality in testing, inspection, certification and training
✓ Forward-looking vision on cybersecurity
Our experts have deep knowledge and experience in specific fields. Questions, dilemmas, or just curious? We’re happy to share our insights.
The NEN 7510 standard for information security in the healthcare sector has been revised. The new NEN 7510-1:2024 was published on 16 December 2024 and replaces the previous version, NEN 7510:2017+A1:2020. The old version of the standard can still be used for certification under accreditation until 20 February 2027.
To implement AI safely and responsibly, international standards such as ISO 27001 and ISO 42001 play a crucial role. While ISO 27001 focuses on data protection, an AI management system (AIMS) under ISO 42001 is designed to manage and optimize the use of AI within an organization. By combining ISO 27001 and ISO 42001, businesses can develop a stronger and more proactive approach to information security.
Cybersecurity has been a passion of mine for years. My journey in this field began out of curiosity, leading me to specialize in web penetration testing. Since joining Kiwa, my focus has shifted to IoT security, with an emphasis on testing against standards like ETSI EN 303645. One topic that consistently fascinates me is input validation—an area where web penetration testing and IoT security assessments often intersect.
To keep quality standards relevant and up-to-date, they are periodically revised. Following the revision of ISO 27001 in 2022, a new version of the NEN 7510 has recently been published. Below, we highlight some of the key changes in the NEN 7510:2024.
