My favourites

About the Cyber Resilience Act (CRA) (proposal)

Full name: Proposal for a Regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020

Type: Regulation

Objective and key elements:

  • Setting horizontal a baseline for security in the internal market
  • Increasing the overall level of cybersecurity of all products with digital elements by introducing essential cybersecurity requirements for such products
  • Security updates to be made available for at least 5 years
  • Reporting obligations in case of security incidents
  • Possibility to recall products not fulfilling the requirements


Relevant to: Manufacturers, importers, and distributors of products and software including digital elements (excluding services, such as SaaS and certain specifically regulated products (e.g. cars)).

Status: Proposal

Documents: Commission proposal published on 15 September 2022, link

Next steps: trialogue. Link to EUR-Lex


(Last updated 12 February 2023)