In short:
- The European Cyber Resilience Act (CRA) aims to ensure more secure hardware and software products
- The global cost of cybercrime is estimated to reach €5.5 trillion by 2021
- The CRA addresses two major issues: low cybersecurity and a lack of understanding and access to information by users
- The CRA has four specific objectives, to:
  - ensure manufacturers improve security of products,
  - ensure a coherent cybersecurity framework,
  - enhance transparency of security properties,
  - enable organisations and consumers to use products securely.
- The cybersecurity of products with digital elements has a strong cross-border dimension and therefore needs to be regulated at the EU level.
Why does the European Cyber Resilience Act (CRA) exist?
The European Cyber Resilience Act (CRA) is a regulation on cybersecurity requirements for products with digital elements, aimed at ensuring more secure hardware and software products. The growing problem of cyberattacks has led to an estimated global annual cost of cybercrime of €5.5 trillion during 2021.
The proposed CRA aims to address two major issues with digital products: low cybersecurity and a lack of understanding and access to information by users.
While some products with digital elements are currently covered by EU legislation, the majority are not. The CRA aims to create conditions for the development of secure products with digital elements, and to allow users to take cybersecurity into account when selecting and using products.
The proposed CRA has four specific objectives.
- To ensure manufacturers improve the security of products with digital elements.
- To ensure a coherent cybersecurity framework.
- To enhance transparency of security properties of products with digital elements.
- To enable businesses and consumers to use products with digital elements securely.
Cybersecurity is needed everywhere, and legislation impacts
The cybersecurity of products with digital elements has a strong cross-border dimension, as products manufactured in one country are often used by organizations and consumers across the entire EU. The CRA aims to increase the overall level of cybersecurity of all products with digital elements placed on the EU market by introducing objective-oriented and technology-neutral essential cybersecurity requirements that apply horizontally.
This legislation significantly impacts the way private and public entities handle data privacy and security. The legislation entered into force in the second half of 2024. It requires organizations to notify individuals in the event of a data breach, as well as to implement robust data protection measures.
The European Cyber Resilience Act can be helpful
link22 recognizes the importance of data privacy and security. We understand that data breaches can have serious consequences for both individuals and organizations, and we believe that this legislation is a step in the right direction towards protecting sensitive information.
However, the implementation of this legislation will not be without its challenges. Many private and public entities may struggle to meet the requirements set forth by the legislation and may require assistance to comply.
link22 is well-equipped to help private and public entities with technical solutions that ensure cybersecurity and legislative compliance.
Please book a meeting or a demo with us.
More on this matter can be found here: https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act