The Cyber Resilience Act (CRA)

Regulation n°2024/2847, also known as the Cyber Resilience Act (CRA), is part of the European Union’s work to reinforce the cybersecurity of digital products.

The CRA endeavours to reinforce the cybersecurity of products comprising digital components by establishing a uniform legal framework and imposing cybersecurity requirements on manufacturers, importers, and distributors, from the conception stage and throughout the lifecycle of the products. Products which comply with the requirements set out in the CRA will bear the CE marking.

The CRA includes essential cybersecurity requirements to be applied to both products and the management of vulnerabilities, and introduces compliance evaluation procedures.

The regulation has multiple objectives: ensuring that manufacturers, importers, and distributors operate responsibly, and fostering consumer confidence.