Executive Compliance Guide: Cyber Resilience Act | Navigating EU Law
Executive Compliance Guide: Cyber Resilience Act
Navigating EU Law
02. Juli 2026
Weltweit
Weltweit
Weltweit
The Cyber Resilience Act (CRA) introduces mandatory cybersecurity requirements for connected hardware and software products sold in the EU. It requires manufacturers, importers, and distributors to embed security throughout the product lifecycle, manage vulnerabilities, report serious incidents, and demonstrate compliance through CE marking.
Since its entry into force on 10 December 2024, the CRA has been reinforced by additional EU actions, including:
Technical standards to help businesses implement and demonstrate compliance with the CRA's cybersecurity requirements
Identification of higher-risk digital products that will be subject to stricter conformity assessment and compliance requirements
The Digital Omnibus proposal, published in November 2025, to streamline incident reporting under the CRA, NIS2, and GDPR
Guidance clarifying the CRA’s application to open-source software, remote data processing, support periods, and overlap with other EU rules
Der Inhalt der Website dient ausschließlich allgemeinen Informationszwecken und kann die rechtliche Beratung im Einzelfall nicht ersetzen. Obwohl die Website mit angemessener Sorgfalt ausgearbeitet wurde, spiegeln die Inhalte möglicherweise nicht die aktuellen rechtlichen Entwicklungen wider. Daher übernimmt Eversheds Sutherland keine Haftung für die Richtigkeit und Aktualität der Informationen. Den vollständigen Haftungsausschuss finden Sie in unseren „Geschäftsbedingungen“ oder in „Rechtliche Hinweise“ in der Fußzeile.