The proposed EU Cyber Resilience Act: what it is and how it may impact the supply chain
October 17, 2022
On 15 September 2022, the European Commission published its proposal for a new Regulation which sets out cybersecurity related requirements for products with “digital elements”, known as the proposed Cyber Resilience Act (the CRA).
The CRA introduces common cybersecurity rules for manufacturers, developers and distributors of products with digital elements, covering both hardware and software. The rules seek to ensure that: (i) connected products and software placed on the EU market are more secure; (ii) manufacturers remain responsible for cybersecurity throughout a product’s life cycle; and (iii) consumers are properly informed about the cybersecurity around the products that they buy and use.