Official EU Cyber Resilience Act (CRA) December 2023 updates
Since the draft of the EU CRA was proposed in September 2022, the potential impact of the act on industrial equipment manufacturers has caused much confusion. While penalties were clearly communicated, it was unclear what might be the obligations and requirements that the act proposes. In general, the act demands that developers of devices and software products must provide security updates for their products.
Now that a year has passed since the announcement of draft, we asked a the European Commission’s EU CRA expert what new details regarding the requirements of the act have become clear in the meantime:
We also shared this information in the form of a seminar at trade fairs in Germany and Finland. The full seminar with slides and text can be found here.
Several days ago Today, the European Commission released a couple of new details. For example, it was officially confirmed that the act will be adopted in early 2024. To get a better overview of what the EU CRA is and why it is still needed, consult this fact sheet.
Although many questions have received official answers, we still recommend that you go through the materials we have published. There are many relevant details not officially revealed yet:
