Publication in the Official Journal of the Cyber Resilience Act
European co-operation for Accreditation (EA)
Accredited once, accepted everywhere
On October 14, 2024, the European Commission adopted a new regulation on cybersecurity requirements for products with digital elements, ensuring they are safe before being placed on the market. This includes routers, smart home products, firewall systems, and smartcards. The regulation guarantees that digital products, such as Internet of Things (IoT) devices, are secure throughout their supply chain and lifecycle.
The Cyber Resilience Act (CRA) was published in the EU Official Journal on November 20, 2024. Regulation EU 2024/2847 establishes EU-wide cybersecurity requirements for the hardware and software’s design, development, production, and market availability.
Products covered by the CRA, including software and hardware, will display the CE mark to demonstrate compliance with the regulation’s standards. The CE mark, recognized in the European Economic Area (EEA) and Türkiye, signifies compliance with safety, health, and environmental protection requirements and standards.
Accreditation is vital in implementing the Cyber Resilience Act by ensuring that Conformity Assessment Bodies (CABs) seeking notification (Notified Bodies) are competent, impartial, and trustworthy. CABs verify that in the case of the CRA, hardware, and software products – listed as important and critical – meet the regulation’s cybersecurity requirements, enabling manufacturers to apply the CE marking. This harmonized approach enhances trust across EU Members, lifts trade barriers, reduces redundant certifications, and ensures products are secure throughout their lifecycle.
The regulation shall apply from 11 December 2027. The requirements on Notified Bodies shall apply from 11 June 2026.
|TIC Industry-Sales&Marketing, Audit, Inspection and Certification|PESO|IBR|CE-UKCA Mark PED,MD,CPR, ATEX, IECEx|EN 1090|Welding|NoBo|NORSOK|ISO3834|Design Appraisal|Accreditation|Rail-ISA-SIL|ISO 17020|ISO 17065|
1 个月This is a significant step forward for the EU in bolstering cybersecurity across the board. By standardizing requirements, the CRA not only enhances protection but also promotes innovation and trust in digital products. It's crucial for businesses to stay ahead by integrating these requirements early in their development processes. This proactive approach will not only ensure compliance but also give companies a competitive edge in the market. Exciting times ahead for cybersecurity and digital resilience!
Brain rental service for ISO certifications/accreditations.
3 个月EA is currently refusing to enforce other EC regulations, like EC-765-2008 as well as the EC's request to stop all accreditation in Russia. Wht should anyone believe EA will have any oversight role at all in this cybersecurity regulation? EA exists to protect the accreditation bodies from complaints, not ensure their conformity with EC regs or ISO 17011.