REGULATION
EU Cyber Resilience Act
New EU regulation imposing cybersecurity requirements on products with digital elements, fully applicable from December 11, 2027.
Ask NavJun about this regulation →REGULATION
New EU regulation imposing cybersecurity requirements on products with digital elements, fully applicable from December 11, 2027.
Ask NavJun about this regulation →AT A GLANCE
Markets
EU
Affected categories
Connected products · IoT · Electronics · Consumer electronics with digital elements
Sample question NavJun answers
Does my connected lighting controller fall under the EU CRA's definition of a 'product with digital elements'?
Citation
Regulation (EU) 2024/2847 (Cyber Resilience Act)
In Depth
The EU Cyber Resilience Act (Regulation (EU) 2024/2847) introduces mandatory cybersecurity requirements for hardware and software products with "digital elements" placed on the EU market.
Manufacturers must conduct cybersecurity risk assessments, ensure products are designed and produced in accordance with essential cybersecurity requirements, provide vulnerability handling for the product's lifetime (or 5 years minimum), report actively exploited vulnerabilities to ENISA within 24 hours, and apply CE marking before placing the product on the market.
Full applicability is December 11, 2027. Most product teams need to start CRA conformity work now.
Type a product-specific question. Get a cited answer in seconds. 10-day free trial.
Start your free trial →