About the Cyber Resilience Act (CRA) (proposal)
Full name: Proposal for a Regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020
Type: Regulation
Objective and key elements:
- Setting horizontal a baseline for security in the internal market
- Increasing the overall level of cybersecurity of all products with digital elements by introducing essential cybersecurity requirements for such products
- Security updates to be made available for at least 5 years
- Reporting obligations in case of security incidents
- Possibility to recall products not fulfilling the requirements
Relevant to: Manufacturers, importers, and distributors of products and software including digital elements (excluding services, such as SaaS and certain specifically regulated products (e.g. cars)).
Status: Proposal
Documents: Commission proposal published on 15 September 2022, link
Next steps: trialogue. Link to EUR-Lex
(Last updated 12 February 2023)
