Guidance on implementing the CRA: your next steps
Read here how you can fulfill the new legal requirements in a targeted manner.
1. Check for applicability
The CRA applies in principle to all products with digital elements on the European market and divides them into risk classes. However, a few product types are exempt from the CRA. Check whether your products are affected now with our free Quick-Check!
2. Clarify role
The focus of the CRA is on manufacturers of products with digital elements. They must ensure that their products meet the requirements of the regulation. However, there are also obligations for distributors, importers, authorized representatives and other natural and legal persons. Companies must therefore examine the role in which they operate on the market.
3. Implement requirements
The CRA obliges manufacturers of products with digital elements to meet certain cybersecurity and vulnerability management requirements. Security updates must be made available free of charge. Manufacturers have to comply with the most extensive list of obligations of all economic actors, while the other participants in the value chain are primarily subject to testing, monitoring and documentation obligations. A CRA assessment can be used to determine conformity with the requirements of the CRA and thus identify any need for action at an early stage.
4. Monitoring
Both the legal situation and products with digital elements are subject to change, which can be accompanied by changing requirements. Companies must therefore continuously monitor both the legal situation and product development and react to relevant changes. Companies are therefore well advised to carry out both efficient CVE detection and an impact assessment now in order to evaluate their own products in terms of security, prevent vulnerability scenarios and prepare for serious consequences.