Cyber Resilience Act

Cyber Resilience Act

Status: In draft

Commission’s proposal published 15 September 2022
Currently undergoing the legislative process with reviews by Council and Parliament both proposing various and differing amendments
Adoption expected for Q1 2024
Application expected for Q1 2026

Summary

Horizontal regulation that covers all wired and wireless products connected to the internet and software.

Scope

Applies to manufacturers, importers and distributers of wired and wireless products connected to the internet and software placed on the EU market

Key elements

Obligations for manufacturers: essential cybersecurity requirements; mandatory vulnerability handling process for the expected product lifetime or 5 years (whichever is shorter); conformity assessment (either third party or self-assessment depending on criticality and risk class of the product), high-risk AI products will have to apply the conformity assessment from AI Act.; information /transparency obligation
Due diligence obligations for importers and distributers: ensuring that products comply with essential cybersecurity requirements and bear the CE marking

Challenges

Definition of hardware and software products that fall under the CRA is still being discussed
Overlap with other Acts of the EU Digital Strategy

EU Digital Strategy Hub

Blogs

Previous Next

Top EU data regulation trends for 2023

2022 was a year full of challenges for global businesses, and in particular in the realm of data protection regulation in the...

Author(s): Christoph Werkmeister, Michael Schwaab, Annabelle Hamelin

March 10 2023

eu digital strategy
eu digital services act
eu digital markets act
eu nis2 directive
eu data governance act
eu data act
eu ai act
eu cyber resilience act
eu ai liability directive
gdpr

Cybersecurity Resilience Act - EU proposes stricter cybersecurity rules for connected products

The European Commission proposed a Cyber Resilience Act (CRA) on 15 September 2022 aimed at protecting consumers and business...

Author(s): Julia Utzerath, Theresa Ehlen, Christoph Werkmeister, Eugene McQuaid

September 15 2022

cyber security
data
internet of things
product liability
eu digital strategy
eu cyber resilience act
eu nis2 directive
eu ai act
eu data act
gdpr

Dr. Theresa Ehlen Partner
Email Theresa Ehlen
Düsseldorf, Frankfurt am Main
See profile >
Dr. Christoph Werkmeister Partner
Email Christoph Werkmeister
Düsseldorf
See profile >
Dr. Lutz Riede Partner
Email Lutz Riede
Vienna, Düsseldorf
See profile >
Andrew Austin Partner, Head of London Dispute Resolution
Email Andrew Austin
London
See profile >

Professionals

Professionals

Pamela Marcogliese inducted into The Legal 500 Hall of Fame

Capabilities

Capabilities

Smarter service delivery for Freshfields’ clients

Insights

Insights

What’s Ahead for Bank Mergers in the United States?

About us

About us

Freshfields Named to the 2023 Bloomberg Law DEI Framework

Our regional experience

Europe

Americas

Asia-Pacific

Middle East

Africa

International language sites