Cyber Resilience Act (CRA) is a European Union (EU) regulation proposal.
This post explains some aspects of CRA.
Description of CRA
CRA was proposed as a regulation by the European Commission in 2022.
CRA is called in Spanish as Propuesta de Reglamento de Ciberresiliencia.
It is focused on improving cybersecurity on products with digital elements, establishing a cybersecurity framework. From the user point of view, it makes an effort to make these products safer and improve transparency on this topic.
CRA proposal document can be read on this external link.
CRA Objectives
CRA has four main objectives:
- Ensure that manufacturers improve the security of products with digital elements since the design and development phase and throughout the whole life cycle;
- Ensure a coherent cybersecurity framework, facilitating compliance for hardware and software producers
- Enhance the transparency of security properties of products with digital elements
- Enable businesses and consumers to use products with digital elements securely
CRA Background
CRA would affect the existing regulations:
- Amendment:
- Regulation (EU) 2019/1020, or market surveillance and compliance of products
CRA Scope
Article 2 establishes the scope of the regulation.
CRA affects all products with digital elements that includes data connection to a device or network.
The regulation does not affect any:
- Regulation (EU) 2017/745 – Medical devices
- Regulation (EU) 2017/746 – Vitro diagnostic medical devices
- Regulation (EU) 2019/2144 – Vehicles
You might also be interested in…
- IT Security Compliance
- Cloud Security Compliance
- GDPR
- (NIS2)
- Digital Operational Resilience Act (DORA)
- Critical Entities Resilience Regulation (CER)
External References
- European Union; “Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020“; European Union
- European Commission; “Cyber Resilience Act“; European Commision