The European Cyber Resilience Act (CRA), promulgated in December 2024, is an important law that establishes security requirements for connected digital products.

Vulnerability reporting requirements will take effect in September 2026 and all provisions in December 2027, with hefty penalties for companies that violate the law.
This presentation will provide a clear explanation of the key requirements of the CRA and what firms should be working on now.

The Cyber Resilience Act (CRA) is coming into effect!
What digital product manufacturers need to do now
This session will explain the main requirements of the CRA and provide an overview of specific measures that digital product manufacturers should take.

From design, development, and production with cyber security in mind, to elimination of known vulnerabilities prior to market launch, to vulnerability and incident reporting and patch provision after market launch,
Examples of risk analysis methods and efficient vulnerability monitoring systems will be presented.