The Cyber Resilience Act (CRA) has now taken effect in the European Union, with the legislation introduced to enhance the security credentials of connected devices.
With the introduction of the act, the onus now falls on manufacturers to ensure their products are sufficiently supported, so that customers benefit from safeguards against potential security flaws.
The aim is to prevent hacking and other compromises, with robust software updates in place.
CRA-compliant products can display the EU’s CE symbol to demonstrate their standards.
Devices such as baby monitors, smartwatches, and home appliances will be covered by the new CRA directive, which will not be enforced in full for another three years, giving the industry time to adapt.
In October, another EU regulatory body was urged to impose stricter cybersecurity requirements on the crypto sector.
The #CyberResilienceAct enters into force today, marking a major leap forward in protecting EU citizens & businesses from cyber threats. Enhanced transparency, security requirements & consumer support coming soon! #EU #cybersecurity
👉🏽 read more: https://t.co/GgOtY5JeuD pic.twitter.com/r2wwZwMRP6
— CyberSec_EU 🇪🇺 (@Cybersec_EU) December 10, 2024
CRA aims to rebalance responsibility for cybersecurity
The CRA was first proposed in the European bloc two years ago, due to the notable increase in the volume of connected devices and the potential for problems to arise. Profits were potentially placed above customer security to some extent, but now all manufacturers will need to meet the required standards.
It means any products with digital components will need to be equipped for the duration of their lifespan, from concept to purchase and beyond. Retailers will also have a duty to ensure the stock they hold and supply is compliant.
By pushing back on manufacturers, the EU said it is intentionally “rebalancing responsibility” for cybersecurity issues with the simple proviso that products must meet the minimum requirements to enter the European market.
Any companies that fail to meet the new CRA regulations could be fined up to 2.5% of global turnover, or up to €15m ($15.76m) if greater, with other penalties in place for failing to respond to regulatory correspondence.