Skip to main content

đź“© Stay Updated! Follow us on LinkedIn and join our mailing list for the latest news!

search

EU Cyber Resilience Act (CRA)

With publishing as Regulation (EU) 2024/2847 in the Official Journal of the European Union, the Cyber Resilience Act (CRA) entered into force (EIF) on December 10, 2024. The CRA will fully apply three years later, on December 11, 2027. The CRA will obligate all products with digital elements, including their remote data processing, put on the European market to follow this regulation.

The CRA intends to address threats and vulnerabilities by establishing standardized frameworks for cybersecurity requirements as part of a wider set of European product legislation. It regulates so-called “products with digital elements”, or PDE for short, and its horizontal nature gives it a big scope, including a wide set of hardware and software, but excluding medical devices, cars and other product types with their own safety and security rules. The primary goal is to reduce the costs for data breaches and increase customer trust in products with a digital element.

OpenSSF EU goose logo

CRA Resources

CRA News and Updates

CRAWorkshopBlog

Dec 23, 2024 | OpenSSF

In Blog, EU Cyber Resilience Act, Global Cyber Policy

CRA Stewards and Manufacturers Workshop: Key Takeaways and Next Steps

Last week the Linux Foundation Europe and OpenSSF teams held a workshop focused on the implications of the recently published Regulation (EU) 2024/2847, commonly known as the Cyber Resilience Act or CRA. The 2024 Stewards and Manufacturers Workshop in Amsterdam was a highly successful event where members from across the… Read more.
CRA Blog

Dec 17, 2024 | Christian Horchert

In EU Cyber Resilience Act

CRA Expert Group Composition

Here's a little breakdown of the current CRA expert group composition by country and category. The biggest non-institutional groups are companies, and trade and business associations, most of which are listed as European. Not sure why Philips is listed as a trade organisation, I would put them into the same… Read more.
CRABlog2

Dec 11, 2024 | OpenSSF

In Blog, EU Cyber Resilience Act

Understanding the CRA: OpenSSF’s Role in the Cyber Resilience Act Implementation – Part 2

In Part 1, we provided a general overview of the CRA and highlighted OpenSSF’s current activities related to its implementation. In Part 2, we’ll take a closer look at the three-year implementation timeline and what lies ahead. Read more.
UnderstandingCRA1

Nov 25, 2024 | OpenSSF

In Blog, EU Cyber Resilience Act

Understanding the CRA: OpenSSF’s Role in the Cyber Resilience Act Implementation – Part 1

With publishing as Regulation (EU) 2024/2847 in the Official Journal of the European Union, the Cyber Resilience Act (CRA) enters into force (EIF) on December 10, 2024. The CRA will fully apply three years later, on December 11, 2027. The CRA will obligate all products with digital elements, including their… Read more.

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get Involved
Close Menu