
Ensuring digital safety across the EU: The impact of the Cyber Resilience Act

16 Apr 2026

The Cyber Resilience Act (CRA) is a pivotal EU regulation designed to bolster the cybersecurity of digital products, including hardware and software, in response to the escalating risks of cyberattacks. With cybercrime causing an estimated €5.5 trillion in global damages by 2021, the CRA aims to address vulnerabilities and ensure a safer digital environment for consumers and businesses alike.

Key objectives of the CRA include:

  • Improved product security: Ensuring manufacturers design, develop and maintain products with robust cybersecurity measures throughout their lifecycle.
  • User empowerment: Providing consumers and businesses with clear information to make informed decisions about secure digital products.
  • Transparency and compliance: Establishing a coherent cybersecurity framework to simplify compliance for manufacturers and enhance transparency regarding product security features.

The CRA introduces mandatory cybersecurity requirements for all products with digital elements, ensuring they are designed with security in mind from the outset. Manufacturers are obligated to provide timely security updates and manage vulnerabilities throughout the product lifecycle. High-risk products may require third-party assessments before being marketed in the EU, and compliant products will bear the “CE” marking, signifying adherence to the CRA's standards. National market authorities will oversee enforcement to ensure compliance.

The CRA not only protects consumers but also fosters trust in the digital market by creating a level playing field for manufacturers. It builds on the EU Cybersecurity Strategy and complements existing legislation, such as the NIS2 Directive, to create a comprehensive cybersecurity framework.

Timeline

The CRA officially came into force on 10 December 2024, with key obligations taking effect from 11 December 2027 and reporting requirements starting 11 September 2026. A timeline of the reporting obligations and deliverables is shown below.

The CRA also clarifies that manufacturers must report actively exploited vulnerabilities in third-party components integrated into their products. This ensures a comprehensive approach to cybersecurity, addressing risks across the entire supply chain. By mandating transparency and proactive vulnerability management, the CRA represents a significant step forward in safeguarding the digital ecosystem, ensuring that the benefits of digital innovation are not undermined by preventable security risks.

For more information, the Cyber Resilience Act’s dedicated webpage can be accessed here

The FAQ - Cyber Resilience Act implementation page can be found here

Related content: Our blog post on the NIS2 Directive can be accessed here