Cyber Resilience Act

Rygian1 pts0 comments

Cyber Resilience Act | Shaping Europe’s digital future

Skip to main content

Previous itemsNext itemsHome<br>Policies<br>Activities<br>News<br>Library<br>Funding<br>Calendar<br>Consultations<br>AI Office

Cyber Resilience Act

Introducing the Cyber Resilience Act: the EU's new plan to make sure all digital products are safe from cyber threats. This important rulebook requires that devices and software are designed, updated, and maintained to protect users in our increasingly digital world. Experience a safer, more connected future where your security comes first.

From baby-monitors to smart watches, from apps to computer programs, connectable hardware and software are omnipresent in our daily lives. Less apparent to many users is the security risk such products may present.

The Cyber Resilience Act (CRA) aims to safeguard consumers and businesses buying software or hardware products with digital elements. The CRA addresses the inadequate level of cybersecurity in many products, and the lack of timely security updates. It also tackles the challenges consumers and businesses currently face when trying to determining which products are cybersecure and in setting them up securely, making it easier to identify hardware and software with the proper cybersecurity features.

The CRA introduces mandatory cybersecurity requirements for manufacturers, covering the planning, design, development and maintenance of such products. These obligations must be met at every stage of the value chain. The CRA also requires manufacturers to handle vulnerabilities during the lifecycle of their products. Some products of particular relevance for cybersecurity may need to undergo a third-party assessment by a notified body before they are sold on the EU market.

Products will bear the CE marking to indicate that they comply with the CRA requirements and national market surveillance authorities will ensure enforcement of the rules.

The CRA entered into force on 10 December 2024. The main obligations introduced by the Act will apply from 11 December 2027, with reporting obligations to apply as of 11 September 2026.

The Cyber Resilience Act builds on the 2020 EU Cybersecurity Strategy and EU Security Union Strategy. It complements other legislation in this area, specifically the NIS2 Directive.

Find out more about the implementation of the Cyber Resilience Act.

Quick Links

Cyber Resilience Act - Legal text

Cyber Resilience Act - Summary of the legal text

FAQ - Cyber Resilience Act implementation (EN)

Follow us<br>CyberSec EU on X

Related Content

Big Picture

EU cybersecurity policies

The European Union works on various fronts to promote cyber resilience, safeguarding our communication and data and keeping online society and economy secure.

Cyber Resilience Act - Manufacturers<br>The CRA acknowledges that manufacturers along the entire supply chain are responsible for security...

Cyber Resilience Act - Member States<br>Member States play an essential role in the implementation of the CRA. In particular, they are...

The Cyber Resilience Act - Summary of the legislative text<br>The text below summarises the main provisions of Regulation (EU) 2024/2847, in order to support the...

Cyber Resilience Act - Conformity assessment<br>Most products, such as household appliances, computer games or mobile applications, will be subject...

Cyber Resilience Act - Microenterprises and Small and Medium-sized enterprises (MSMEs)<br>It is important to provide support to microenterprises and small and medium-sized enterprises (MSMEs...

Cyber Resilience Act - Open source<br>The Cyber Resilience Act has a special approach to free and open-source software, given its central...

Cyber Resilience Act - Standardisation<br>Technical standards play an important role in facilitating the CRA implementation.

Cyber Resilience Act - Reporting obligations<br>As of 11 September 2026, manufacturers are required to report actively exploited vulnerabilities and...

Last update

22 June 2026

Print as PDF

cyber resilience products cybersecurity software security

Related Articles