On Thursday, 30 November, the European Parliament and the Council of the European Union reached a political agreement on the Cyber Resilience Act (CRA). On Friday, the European Commission welcomed the news, hailing the CRA as the world's first legislation aimed at improving the cybersecurity of digital products across the EU. The CRA introduces mandatory cybersecurity requirements for all hardware and software products, which vary depending on the level of risk, including up to 10% of products requiring third-party assessments. Under the CRA, all products put on the EU market must be cyber-secure. Furthermore, manufacturers will have to implement cybersecurity measures across the entire lifecycle of the product, and software and hardware products will bear the CE marking to show compliance.
The agreement is now subject to formal approval by the Parliament and Council. Once adopted, the CRA will enter into force 20 days following its publication in the Official Journal of the EU.
The Commission has also published a Questions and Answers page.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.