Digital Policy Alert logo

European Union: Implemented Regulation 2024/2847 amending the Cyber Resilience Act (2020/1828) including notification of conformity assessment bodies

Policy overview

Description

Implemented Regulation 2024/2847 amending the Cyber Resilience Act (2020/1828) including notification of conformity assessment bodies

On 11 June 2026, Regulation 2024/2847 on horizontal cybersecurity requirements for products with digital elements, amending Regulations (EU) No 168/2013 and (EU) No 2019/1020 and the Cyber Resilience Act (2020/1828), enters into force. The EU Regulation (2024/2847) on the Cyber Resilience Act aims to enhance the cybersecurity of products with digital elements by establishing uniform cybersecurity requirements across the EU. The regulation applies to all products with digital elements, including hardware and software, that are placed on the EU market, excluding those covered by specific existing regulations, such as medical devices and motor vehicles. Chapter IV outlines the process for notifying and monitoring conformity assessment bodies (CABs) in the EU. Member States designate authorities to assess and notify CABs, ensuring their independence, competence, and impartiality. CABs must meet strict requirements and report to authorities, while the Commission maintains a public list of notified bodies. Coordination and information exchange between Member States and CABs ensure consistency and compliance with the Cyber Resilience Act across the Union.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
supranational
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2022-03-16
in consultation

On 16 March 2022, the European Commission launched a public consultation for the Cyber Resilience A…

2022-05-25
processing consultation

On 25 May 2022, the European Commission closed the public consultation for the Cyber Resilience Act…

2022-09-15
under deliberation

On 15 September 2022, the European Commission introduced a proposal for the "Cyber Resilience Act" …

2023-07-19
under deliberation

On 19 July 2023, the Council of the European Union reached a common position on the proposed Cybers…

2023-11-30
under deliberation

On 30 November 2023, the Council of the European Union and the European Parliament reached a common…

2024-03-12
under deliberation

On 12 March 2024, the European Parliament adopted the text provisionally agreed on the regulation r…

2024-10-10
adopted

On 10 October 2024, the Council of the EU adopted the regulation on Cybersecurity Requirements for …

2024-12-10
in grace period

On 10 December 2024, the Cyber Resilience Act entered into force with a grace period. The Cyber Res…

2026-06-11
in force

On 11 June 2026, Regulation 2024/2847 on horizontal cybersecurity requirements for products with di…

2026-09-11
in force

On 11 September 2026, Regulation 2024/2847 concerning horizontal cybersecurity requirements for pro…

2027-12-11
in force

On 11 December 2027, Regulation 2024/2847 on horizontal cybersecurity requirements for products wit…