My favourites

About the Cyber Resilience Act (CRA) (proposal)

Full name: Proposal for a Regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020

Type: Regulation

Objective and key elements:

  • Setting horizontal a baseline for security in the internal market
  • Increasing the overall level of cybersecurity of all products with digital elements by introducing essential cybersecurity requirements for such products
  • Security updates to be made available for at least 5 years
  • Reporting obligations in case of security incidents
  • Possibility to recall products not fulfilling the requirements

 

Relevant to: Manufacturers, importers, and distributors of products and software including digital elements (excluding services, such as SaaS and certain specifically regulated products (e.g. cars)).

Status: Proposal, provisional  agreement reached by the Council presidency and the European Parliament’s on 30 November 2023, read more.

Documents:

The Council’s proposed amendments on 13 July 2023, link

Commission proposal published on 15 September 2022, link

 

Next steps: Work will continue at technical level to finalise the details of the new regulation. The Spanish presidency will submit the compromise text to the member states’ representatives  for endorsement once this work has been concluded. The entire text of the regulation will need to be confirmed by both institutions and undergo legal-linguistic revision before formal adoption by the co-legislators.

(Last updated 1 December 2023)