The Cyber Resilience Act (CRA) will ensure the core principles of cybersecurity within the European Union (EU), helping to make our products safe, globally competitive and able to address various vulnerabilities, Head of Unit, Market Technology and Product Security of the European Union Agency for Cybersecurity (ENISA) Apostolos Malatras said on Wednesday at the Bucharest Cybersecurity Conference (BCC2025).
Apostolos Malatras encouraged those who have not yet read the CRA to do so, describing it as an important piece of legislation proposed by the European Commission together with co-legislators. He explained that the CRA applies to almost everyone involved in buying or selling products on the digital single market, as all components and products introduced must comply with the regulation. He acknowledged the scale of the act is vast and can seem daunting at first, a sentiment shared by many. Malatras added that they are working closely with all bodies in member states and private actors to develop practical guidance and technical implementations to support people, especially SMEs, the open-source community, but also manufacturers bringing products to the market.
He added that the implementation deadline for the Cyber Resilience Act, set for the end of 2027, is not far off and people need to understand the impact the CRA will have on them, not only in terms of compliance, but also regarding the real security of products.
The ENISA official explained that extensive work is underway within standardisation bodies, with all stakeholders actively involved in order to establish the standards required to ensure products comply with the Cyber Resilience Act. He said one reason for organising the event in partnership was to raise awareness that compliance will not happen overnight. People need to start preparing and understand the CRA's impact, not just in terms of compliance, which is often seen as simply following rules, but in terms of real product security. He stressed that the regulation provides a foundation to establish core cybersecurity principles across the entire single market, helping make products safe, globally competitive and capable of addressing various vulnerabilities encountered.
According to the source, cyber crises occur because of the vulnerabilities present in certain products.
The Cyber Resilience Act was adopted by the European Commission in October 2024 and will become mandatory for manufacturers from December 2027. The regulation sets a minimum level of cybersecurity for connected products on the European market.
Manufacturers have 36 months to adapt their products to the new requirements, and, as of 11 December 2027, all new products must fully comply with these rules.
The new rules ensure secure product design, protection against vulnerabilities and support throughout the product's lifecycle (including security updates and patches). These requirements apply to all digital products sold in the EU, whether standalone or integrated into other systems.
The 2025 edition of the Bucharest Cybersecurity Conference (BCC2025), which takes place between 6 and 9 October, is organized by the Romanian National Cyber Security Directorate (DNSC), with the support of the Romanian National Coordination Centre (NCC-RO) and the National Association for Information Systems Security (ANSSI).
AGERPRES National News Agency is one of the media partners of the event.
Comentează