The Cyber Resilience Act 🇪🇺

The Cyber Resilience Act (EU) has now entered into force, but questions remain, such as: What is it exactly? What do I need to do to comply with the Act?

These are some of the questions that IoT device manufacturers, software developers, importers and distributors operating on the European Union market need answers to.

This website aims to answer stakeholders’ concerns and provide them with a clear path towards compliance.

The site is currently being updated to reflect the latest version of the CRA (2024/10/24)

The CRA, in a few words

The Cyber Resilience Act 🇪🇺 is a disruptive piece of legislation which establishes a set of cybersecurity requirements applicable to manufacturers of products, both hardware and software, with digital components.

Why was the CRA introduced?
As the number of IoT devices continues to soar, it has become crucial to address the issue of low-level cybersecurity and device vulnerability by offering regular updates and continuous support.

European organizations are the most targeted in the world by cyber attacks.

Attacks will cost US$ 10.5 trillion by 2025, a 15% increase in cost every year.

There will be 30.2 billion IoT devices by 2030: +108% from today’s 14.5 billion devices.

What are the CRA’s goals?
Firstly, the legislation aims to guarantee higher levels of security for all wired and wireless items that are connected to the internet, as well as software that is available on the European single market, while mandating that manufacturers bear the responsibility for cybersecurity throughout a product’s lifespan.

Additionally, it will enable customers to receive accurate and comprehensive information about the cybersecurity features of their products.

Therefore, by harmonizing the regulatory landscape, overlapping requirements will be avoided, making it easier for device manufacturers to comply with the regulation.

Find out how much budget to allocate to compliance.

ACHIEVING COMPLIANCE

I am an IoT device manufacturer

IoT device manufacturers are first in line when it comes to compliance. The CRA will change the way manufacturers operate.

Our guide covers what you have to do, how much time you have to comply and what the legal ramifications of non-compliance are.

I am a software developer

Non-monetized free and open-source software as well as pure SaaS and PaaS are generally excluded from the CRA.

Software enabling remote data processing from IoT devices is subject to the CRA, provided it establishes a data connection and is supplied within a commercial context.

I import / distribute / resell

IoT device importers, distributors and resellers have many requirements under the CRA and in some circumstances can even be considered as manufacturers themselves.

Our guides detail these stakeholders’ responsibilities and liabilities.

Cyber Security News and Events

Check out the latest events on cyber security and the Cyber Resilience Act.