Cyber Resilience Act Published as Regulation in the Official Journal

The Cyber Resilience Act (CRA) has officially been adopted, marking a major step towards enhancing cybersecurity standards across the EU. Its publication in the Official Journal of the European Union (EUR-Lex) as Regulation 2024/2847was the final step in the legislative process for the CRA. The act establishes horizontal cybersecurity requirements for products with digital elements, addressing widespread vulnerabilities and inconsistent security update practices, with the aim of improving the security and resilience of digital products throughout their lifecycle​.

This final step defines the deadlines as follows:

  • December 10, 2024: Following its publication in the Official Journal of the European Union on November 20, 2024, the CRA will enter into force on the twentieth day after its publication, ensuring a swift transition towards enhanced cybersecurity standards.
  • September 11, 2026: Reporting obligations for stakeholders take effect.
  • December 11, 2027: Full application of the regulation.

The CRA introduces horizontal cybersecurity standards applicable to hardware, software, and digital services. The goal is to address widespread vulnerabilities and ensure that manufacturers prioritize security throughout a product’s lifecycle.

The regulation requires manufacturers to adopt vulnerability management processes and ensure timely security updates. It emphasizes transparency in the product lifecycle, obligating manufacturers to clearly communicate the duration of support for security updates.

The act also includes provisions to support microenterprises and small businesses, particularly in understanding and complying with the cybersecurity standards required by the regulation.

The Scope and Specific Provisions of the Cyber Resilience Act (CRA) require that all products with digital elements meet mandatory cybersecurity standards before being sold in the EU. Products must also display the CE marking, indicating compliance with EU safety regulations. Additionally, the CRA distinguishes between “important” and “critical” products, with stricter assessments applied to higher-risk products to ensure greater security.

Furthermore, the CRA ensures consumers are better informed about the security features of digital products, providing them with tools to choose secure devices and ensuring a safer digital environment for end-users, including children.

Overall, the Cyber Resilience Act sets the foundation for a more resilient digital landscape in Europe by mandating essential cybersecurity measures for all digital products. Emphasizing transparency, the CRA requires from manufacturers to prioritize cybersecurity at every stage – from design to end-of-life – while ensuring users are informed about security support periods. By harmonizing requirements across the EU, the act aims to foster a secure digital market while minimizing risks for consumers and businesses alike.

For more details, see the full regulation on EUR-Lex.

CRACoWi Project Officially Kicks Off in Athens

Athens – The CRACoWi project officially launched with a two-day event – Kick-off Meeting and press conference – in Athens, organized by ITML, the project coordinator. Funded under the Digital Europe Program (DEP)and supported by the European Cybersecurity Competence Centre, the project unites 14 partners from 4 EU countries – Greece, Germany, Slovenia, and Cyprus– to develop essential tools for cybersecurity compliance and certification in the digital market.

CRACoWi (Cyber Resilience Act – Compliance Wizard) aims to create a digital tool (Compliance Wizard) that helps SMEs, manufacturers, and distributors comply with the EU’s Cyber Resilience Act. By automating compliance assessments, generating necessary documentation, and supporting cybersecurity certification, CRACoWi ensures businesses can easily meet new cybersecurity standards throughout the product lifecycle.

The project began on September 1st, 2024, and will run for 36 months, focusing on simplifying cybersecurity compliance for businesses.

On September 30th, the first day of the kick-off conference, partners presented their work packages, deliverables, and project objectives. Attendees also received insights from the EU Project Officer, who shared best practices for implementing Digital Europe Program projects and aligning CRACoWi with EU cybersecurity objectives.

On October 1st, the second day of the conference, presentations featured complementary projects and initiatives, focusing on shared goals and collaboration across the cybersecurity ecosystem. Highlights included:

  • A detailed overview of the Cyber Resilience Act and the Radio Equipment Directive (RED), providing insights into how RED’s implementation informed the CRA.
  • Presentations from related projects such as SENTINEL, CYberSynchrony, and UNDERPIN, emphasizing synergies with CRACoWi in addressing common cybersecurity challenges.
  • A live demonstration of BUNKAI and an overview of the CYRENE project, illustrating hands-on approaches to cybersecurity tool development.

This is just the beginning of our journey toward making Europe’s digital market more secure! Stay tuned for more updates as we continue to push the boundaries of cybersecurity and compliance.

Follow CRACoWi!Stay updated on the CRACoWi project by following us on:

LinkedIn: https://www.linkedin.com/company/cracowi

X (formerly Twitter): https://x.com/CRACoWiProject