Cyber Resilience Act (CRA)

With the widespread adoption of IoT and digital products, devices ranging from smart home equipment to office software have become ubiquitous. However, due to security vulnerabilities and a lack of timely updates, these products are increasingly becoming targets of cyberattacks, posing significant risks to consumers and businesses. The Cyber Resilience Act (CRA) was introduced by the European Union (EU) to address these shortcomings. It will take effect on December 10, 2024, with mandatory compliance starting on December 11, 2027.

The CRA aims to enhance the cybersecurity standards of digital products and software, ensuring that security is incorporated throughout the entire lifecycle—from design to usage. By introducing mandatory regulations, the act seeks to improve market trust and transparency. The CRA applies to products and software with digital elements that can connect directly or indirectly to other devices or networks. However, certain products, such as medical devices, vehicles, and aviation equipment, are excluded from its scope.

The act targets hardware manufacturers, service providers, and software developers, setting standards for product planning, design, development, and maintenance. Key requirements include:

• Manufacturers must integrate security-by-design principles during product planning and development.
• Continuous security updates must be provided throughout the product lifecycle to address vulnerabilities.
• Critical products are required to undergo third-party assessments by authorized bodies to ensure compliance.
• Non-compliance may result in substantial penalties.

Currently, the harmonized standards related to the CRA are still under development and discussion. The act’s requirements for management processes and technical specifications for products are aligned with existing cybersecurity standards, providing a clear framework and technical guidance for future compliance with CRA harmonized standards.

For more detailed information, please contact TÜV NORD Taiwan Industrial Services.