The EU Cyber Resilience Act – Towards a safe and secure digital market in Europe
26 March 2024
The EU’s Cyber Resilience Act (CRA) is waiting in the wings. On Tuesday 12 March, the European Parliament voted to approve the text of this milestone EU regulation, reflecting the political agreement reached by the European Parliament and the Council of the European Union late last year. The CRA is now awaiting formal approval by the Council and is expected to enter into force in the coming months.
Originally proposed by the European Commission in September 2022, the CRA will introduce mandatory cybersecurity requirements for products with digital elements made available on the EU market, establishing a consistent EU-wide legal framework for essential cybersecurity requirements for such products.
In this briefing we overview the CRA as adopted by the European Parliament on 12 March 2024, including the obligations imposed on those involved in the supply chain of connected devices, and consider key changes made by the Council and the European Parliament (the co-legislators) to the European Commission’s original proposal.
Download PDF