The EU’s new Cyber Resilience Act (CRA) sets out a comprehensive framework of cybersecurity requirements for products with digital elements. While most of its provisions will apply starting December 11, 2027, certain obligations—most notably, reporting duties for manufacturers—will kick in earlier, on September 11, 2026.
In a previous blog post, we offered an overview of the CRA and its broader context. In this article, we’re narrowing the focus to a key actor in the CRA’s ecosystem: the manufacturer. We’ll explore what qualifies someone as a manufacturer under the regulation, and what responsibilities that role carries under the new law.
Continue reading “Cyber Resilience Act (CRA) – Obligations for manufacturers”