About the Cyber Resilience Act (CRA) (proposal)
Full name: Proposal for a Regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020
Type: Regulation
Objective and key elements:
- Setting horizontal a baseline for security in the internal market
- Increasing the overall level of cybersecurity of all products with digital elements by introducing essential cybersecurity requirements for such products
- Security updates to be made available for at least 5 years
- Reporting obligations in case of security incidents
- Possibility to recall products not fulfilling the requirements
Relevant to: Manufacturers, importers, and distributors of products and software including digital elements (excluding services, such as SaaS and certain specifically regulated products (e.g. cars)).
Status: Proposal, provisional agreement reached by the Council presidency and the European Parliament’s on 30 November 2023, read more.
Documents:
The Council’s proposed amendments on 13 July 2023, link
Commission proposal published on 15 September 2022, link
Next steps: Work will continue at technical level to finalise the details of the new regulation. The Spanish presidency will submit the compromise text to the member states’ representatives for endorsement once this work has been concluded. The entire text of the regulation will need to be confirmed by both institutions and undergo legal-linguistic revision before formal adoption by the co-legislators.
(Last updated 1 December 2023)