Report 19 Sep 2023

Expert View: How to Prepare for the Cyber Resilience Act (CRA)

The Cyber Resilience Act (CRA), which is currently being discussed in the EU, is not aimed at specific user companies, unlike new regulations such as NIS2 and DORA, but at suppliers (manufacturers, importers, distributors) of IT hardware and software. The CRA is expected to come into force in 2025, so the relevant providers do not have too much time to prepare. Now is the time to act even though the law is not in effect as yet.