Introduction

The cyber resilience agt (CRA) is an EU regulation that aims to address two issues noted by EU legislators:

  • Inadequate level of cybersecurity inherent in many products, or inadequate security updates.
  • Inability of consumers to determine which products are cybersecure, or how to set them up in a way that it is protected.

The CRA will help safeguard consumers and businesses buying or using products with digital elements (PDEs),

Where to find CRA

Scope of the CRA

All products with digital elements (PDEs) in the EU market are divided into four categories:

  • Default products
    • 90% of products
    • Hard drives
    • Smart speakers
  • Important products class I
    • Password managers
    • Operating systems
    • Wearable devices
  • Important products class II
    • Hypervisors
    • Firewalls
    • Intrusion detection systems
  • Critical products
    • Smartcards
    • Harware security modules
    • Smart meter gateways

LIst of products provided in Annex III and Annex IV.