Do you know what the CRA is?

It’s not just winter that’s coming, so too are the new EU cyber rules.

With the goal of shaping Europe’s digital future, the Cyber Resilience Act (CRA) will go into effect on 11 December 2027.

The CRA requires that all products with a digital element be designed, developed and produced in such a way that it ensures an appropriate level of cybersecurity based on risk. Everything from mobile gaming applications to smartphones, laptops, home cameras, smart watches, connected toys, smart metres, firewalls, modems and sensors all fall under the auspices of the CRA.

This means that before any one of these products is released to the market, it must, amongst other things:

• Have no known exploitable vulnerabilities
• Offer a secure-by-default configuration
• Protect against unauthorised access
• Only process relevant data
• Be designed, developed and produced to limit the attack surface and the impact of an incident
• Provide security related information

“Security by design is at the heart of the CRA, requiring that SMEs embed security into a system from its initial stages – during creation, design and development – rather than adding it later,” says CURIUM project coordinator Argyro Chatzopoulou. “In doing so, a product should arrive on the market free of vulnerabilities and be able to protect the integrity of customer data.”

To help SMEs prepare for these rules, the cybersecurity experts from the SME4DD and the CURIUM projects have joined forces to provide you with the concrete tools and knowledge you need to put these rules into practice.

You can learn more by reading our latest article!