On 10 December 2024, the Cyber Resilience Act entered into force with a grace period. The Cyber Resilience Act aims to enhance the cybersecurity of products with digital elements by establishing uniform cybersecurity requirements across the EU. The regulation applies to all products with digital elements, including hardware and software, that are placed on the EU market, excluding those covered by specific existing regulations like medical devices and motor vehicles. Manufacturers must ensure that their products meet essential cybersecurity requirements throughout their lifecycle, from design to disposal. This includes conducting risk assessments, handling vulnerabilities, and providing secure updates. Under the Act, member States must designate market surveillance authorities to ensure compliance and enforce the regulation. Non-compliance with the regulation can result in administrative fines of up to EUR 15'000'000 or 2.5% of global annual turnover, whichever is higher. The main obligations introduced by the Act will apply from 11 December 2027.
Original source