EUR · Framework

CRA — Cyber Resilience Act

The CRA introduces horizontal cybersecurity requirements for products with digital elements, hardware and software, across their whole lifecycle before they reach the EU market.

What it is

The CRA introduces horizontal cybersecurity requirements for products with digital elements, hardware and software, across their whole lifecycle before they reach the EU market.

European Union · In force 10 December 2024; main obligations apply 11 December 2027

Who it binds

Manufacturers, importers and distributors of connected products and software placed on the EU market.

Key obligations

Secure-by-design and secure-by-default engineering
Vulnerability handling and security updates over a declared support period
Conformity assessment and CE marking
Reporting of actively exploited vulnerabilities and severe incidents to ENISA

How CCI addresses it

CySSURANCE maps the CRA essential requirements to your product portfolio and computes the conformity gap; EviGen evidences secure-update and vulnerability-handling controls.

CySSURANCE platform →

Official source

Regulation (EU) 2024/2847

https://eur-lex.europa.eu/eli/reg/2024/2847/oj

The linked text is the authoritative legal or standards source. CCI maps to it; it is not a CCI publication.

← All frameworks