Cyber Resilience Act (CRA)

Cyber Resilience Act (CRA) is a European Union (EU) regulation proposal.

This post explains some aspects of CRA.

Description of CRA

CRA was proposed as a regulation by the European Commission in 2022.

CRA is called in Spanish as Propuesta de Reglamento de Ciberresiliencia.

It is focused on improving cybersecurity on products with digital elements, establishing a cybersecurity framework. From the user point of view, it makes an effort to make these products safer and improve transparency on this topic.

CRA proposal document can be read on this external link.

CRA Objectives

CRA has four main objectives:

  1. Ensure that manufacturers improve the security of products with digital elements since the design and development phase and throughout the whole life cycle;
  2. Ensure a coherent cybersecurity framework, facilitating compliance for hardware and software producers
  3. Enhance the transparency of security properties of products with digital elements
  4. Enable businesses and consumers to use products with digital elements securely

CRA Background

CRA would affect the existing regulations:

  • Amendment:
    • Regulation (EU) 2019/1020, or market surveillance and compliance of products

CRA Scope

Article 2 establishes the scope of the regulation.

CRA affects all products with digital elements that includes data connection to a device or network.

The regulation does not affect any:

You might also be interested in…

External References

Leave a Reply

Your email address will not be published. Required fields are marked *