The European Cyber Resilience Act (CRA)

The European Cyber Resilience Act (CRA) imposes strict cyber security standards on SMEs and improves their ability to protect digital products throughout their lifecycle. By preparing for compliance and ensuring transparent communication and regular updates, SMEs can gain the trust of their customers and gain a competitive advantage in the changing digital landscape.

The number and complexity of cyberattacks are increasing worldwide and pose a significant threat. Due to limited resources, small and medium-sized enterprises (SMEs) are often particularly vulnerable. The EU's Cyber Resilience Act is a regulation that will help companies combat cyber risks. It requires vendors of digital products and systems to comply with cyber security standards throughout the product lifecycle. This requirement raises essential questions for SMEs and their managers about their responsibilities and actions.

What is the Cyber Resilience Act?

The Cyber Resilience Act is an EU-wide regulation that sets binding security standards for hardware and software to improve cyber protection for digital products. It applies immediately in all EU member states and affects companies that manufacture, import or distribute products with digital elements.

The regulation focuses on ensuring that:

  • Digital products are designed, developed, and maintained securely throughout their lifecycle

  • Product vendors avoid security vulnerabilities during development

  • Vendors provide continuous updates to address emerging vulnerabilities

Who Is Affected by the Cyber Resilience Act?

The CRA applies to any company that manufactures, imports, or distributes products with "digital elements" in the EU, including

  • hardware (such as laptops, smartphones, or industrial control systems) and

  • software (like operating systems, middleware, or applications).

Certain products or services that are covered by other cyber security standards are excluded.

What This Means for SMEs

The CRA brings new obligations and opportunities for SMEs. As all companies must meet these requirements, everyone will also benefit from simplifications: reduced technical documentation and lower costs for conformity assessments. Regular updates and transparent communication on product safety will also be crucial to minimize risks and increase customer confidence.

Another advantage of the CRA is the establishment of EU-wide standards that ensure compliance in all member states. It offers a competitive advantage as customers increasingly prioritize cybersecurity in their purchasing decisions.

What Should Companies Do Now?

Timeline of Cyber Resilience Act

We advise companies to prepare by assessing product risks, implementing regular security updates throughout the product lifecycle, and maintaining transparent communication with customers about cybersecurity measures. Creating a Software Bill of Materials (SBOM) is also mandated, providing visibility into potential vulnerabilities.

Conclusion: Action Now!

While the CRA presents new challenges for SMEs, it also offers significant opportunities to improve resilience against cyber threats. By proactively implementing the CRA's security requirements, companies can gain the trust of their customers, gain a competitive advantage, and future-proof their business in a digital world.
