CE seal for all networked products

EU adopts Cyber Resilience Act (CRA)

CE

The Council of EU Home Affairs Ministers today adopted the Cyber Resilience Act (CRA). This introduces binding security standards for all networked devices for the first time.

From smart coffee machines to networked baby monitors – the CRA is taking a close look at all internet-enabled devices. In future, no connected product will enter the EU market without a safety check. This innovation closes a critical gap in the previous regulation, which only covered individual product categories

Ad

CE seal becomes a cyber shield

A key aspect of the CRA is the introduction of CE marking for all networked products. In future, this familiar symbol will not only stand for general product safety, but will also guarantee that the device meets basic cyber security standards.

German Federal Minister of the Interior Nancy Faeser emphasizes the importance of this measure: “Connected products make our everyday lives easier. But they can also be exploited by criminals. That’s why they need to be secure. You have to be able to rely on the fact that a connected device you carry with you or have at home is not a security risk. With the Cyber Resilience Act, we are taking cyber security in Europe to a new level. This will benefit consumers and businesses alike. In future, they will be able to recognize at a glance from the familiar CE mark that a networked device meets essential cyber security requirements. The tried-and-tested CE mark now also stands for security against cyber threats.

Obligations for economic operators and transition period

The CRA poses new challenges for the entire supply chain. Manufacturers must not only provide security updates, but also report vulnerabilities to a central point. Retailers and importers are also responsible for compliance with the standards. These new requirements will strengthen cyber security, but also mean additional work for companies.

Ad

All new products must be CRA-compliant in three years. Some provisions, such as the obligation to report security vulnerabilities, take effect after just 21 months.

Ad

Weitere Artikel