CRA (Cyber Resilience Act)

Definition

The CRA is EU legislation that requires products with digital elements to meet cybersecurity requirements throughout their entire lifecycle. It is the first EU legislation to make "secure by design" enforceable.

The Cyber Resilience Act was adopted by the EU in 2024 and has a transition period until 2027. The law applies to all manufacturers and sellers of products with digital elements: hardware with embedded software, IoT devices, apps and software.

Requirements include secure-by-design development, mandatory security updates throughout the entire lifespan, an obligation to report actively exploited vulnerabilities, and CE marking after conformity assessment.

The CRA has a major impact on manufacturing companies, IoT manufacturers and software vendors. DEFION supports affected organisations with a CRA Readiness Assessment and code security reviews.

Related terms

NIS2, ISO 27001, Vulnerability Scan, CVE