Progress

Current status
in grace period
11 Dec 2027 in force
11 Sep 2026 in force
11 Jun 2026 in force
10 Dec 2024 in grace period
10 Oct 2024 adopted
12 Mar 2024 under deliberation
30 Nov 2023 under deliberation
19 Jul 2023 under deliberation
15 Sep 2022 under deliberation
25 May 2022 processing consultation
16 Mar 2022 in consultation

Scope

Implementers
Austria
Belgium
Bulgaria
Croatia
Cyprus
Czechia
Denmark
Estonia
Finland
France
Germany
Greece
Hungary
Ireland
Italy
Latvia
Lithuania
Luxembourg
Malta
Netherlands
Poland
Portugal
Romania
Slovakia
Slovenia
Spain
Sweden
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Government Branch
executive
legislature
Government Body
other regulatory body
central government
parliament
Implementation Level
supranational

Timeline of events

11 Dec 2027
in force

Implemented Regulation 2024/2847 on horizontal cybersecurity requirements for products with digital elements amending the Cyber Resilience Act (2020/1828)

On 11 December 2027, Regulation 2024/2847 on horizontal cybersecurity requirements for products with digital elements amending Regulations (EU) No 168/2013 and (EU) No 2019/1020 and the Cyber Resilience Act (2020/1828) enters into force. The EU Regu…

Source
Event type law
Action type implementation
Government branch executive
Government body other regulatory body
11 Sep 2026
in force

Implemented Regulation 2024/2847 amending the Cyber Resilience Act (2020/1828) including reporting obligations of manufacturers

On 11 September 2026, Regulation 2024/2847 concerning horizontal cybersecurity requirements for products with digital components, which amends Regulations (EU) No 168/2013 and (EU) No 2019/1020 as well as the Cyber Resilience Act (2020/1828), enters…

Source
Event type law
Action type implementation
Government branch executive
Government body other regulatory body
11 Jun 2026
in force

Implemented Regulation 2024/2847 amending the Cyber Resilience Act (2020/1828) including notification of conformity assessment bodies

On 11 June 2026, Regulation 2024/2847 on horizontal cybersecurity requirements for products with digital elements, amending Regulations (EU) No 168/2013 and (EU) No 2019/1020 and the Cyber Resilience Act (2020/1828), enters into force. The EU Regula…

Source
Event type law
Action type implementation
Government branch executive
Government body other regulatory body
10 Dec 2024
in grace period

Entry into force with grace period of Cyber Resilience Act including cybersecurity requirements for products with digital elements

On 10 December 2024, the Cyber Resilience Act entered into force with a grace period. The Cyber Resilience Act aims to enhance the cybersecurity of products with digital elements by establishing uniform cybersecurity requirements across the EU. The …

Source
Event type law
Action type in force with grace period
Government branch executive
Government body central government
10 Oct 2024
adopted

Adopted Cyber Resilience Act by the Council of the EU including cybersecurity requirements for products with digital elements

On 10 October 2024, the Council of the EU adopted the regulation on Cybersecurity Requirements for Products with Digital Elements (Cyber Resilience Act), which aims to establish mandatory cybersecurity requirements for products with digital componen…

Source
Event type law
Action type adoption
Government branch legislature
Government body parliament
12 Mar 2024
under deliberation

Passed Cyber Resilience Act by the European Parliament including cybersecurity requirements for products with digital elements

On 12 March 2024, the European Parliament adopted the text provisionally agreed on the regulation regarding Cybersecurity Requirements for Products with Digital Elements (Cyber Resilience Act), which aims to establish mandatory cybersecurity require…

Source
Event type law
Action type passage
Government branch legislature
Government body parliament
30 Nov 2023
under deliberation

Reached Council and the Parliament provisional agreement on the Cyber Resilience Act including cybersecurity requirements for products with digital elements

On 30 November 2023, the Council of the European Union and the European Parliament reached a common provisional agreement on the proposed regulation regarding Cybersecurity Requirements for Products With Digital Elements (Cyber Resilience Act), whic…

Source
Event type law
Action type passage
Government branch legislature
Government body parliament
19 Jul 2023
under deliberation

Adopted Council general approach on Cyber Resilience Act including cybersecurity requirements for products with digital elements

On 19 July 2023, the Council of the European Union reached a common position on the proposed Cybersecurity Requirements for Products With Digital Elements (Cyber Resilience Act), which aim to establish mandatory cybersecurity requirements for produc…

Source
Event type law
Action type passage
Government branch legislature
Government body parliament
15 Sep 2022
under deliberation

Introduced Cyber Resilience Act containing cybersecurity requirements

On 15 September 2022, the European Commission introduced a proposal for the "Cyber Resilience Act" to the Council and European Parliament. The Act aims to establish common cybersecurity rules for digital products and related services that are placed…

Source
Event type law
Action type introduction
Government branch executive
Government body central government
25 May 2022
processing consultation

Closed public consultation on Cyber Resilience Act

On 25 May 2022, the European Commission closed the public consultation for the Cyber Resilience Act. The Cyber Resilience Act aims to establish common cybersecurity rules for digital products and related services that are placed on the market across…

Source
Event type law
Action type consultation closed
Government branch executive
Government body central government
16 Mar 2022
in consultation

Opened public consultation on Cyber Resilience Act

On 16 March 2022, the European Commission launched a public consultation for the Cyber Resilience Act until 25 May 2022. The Cyber Resilience Act aims to establish common cybersecurity rules for digital products and related services that are placed …

Source
Event type law
Action type consultation opened
Government branch executive
Government body central government