The EU has enacted the Cyber Resilience Act (CRA), setting cybersecurity standards for digital products. Companies have 36 months to comply, with some reporting duties due in 21 months.
Who Must Follow the CRA?
All manufacturers, importers, and distributors selling digital products in the EU must comply. This includes consumer goods like smart devices, industrial equipment such as controllers, and software like operating systems.
Key Requirements for Manufacturers
- Secure Design: Build cybersecurity into products from the start, ensuring protection throughout their lifecycle.
- Vulnerability Fixes: Provide free updates to fix vulnerabilities unless agreed otherwise with customers.
- Documentation: Keep detailed records of vulnerabilities and components.
- Fast Reporting: Report vulnerabilities within 24 hours via ENISA’s platform.
Steps for Manufacturers
Pilz, an automation safety expert, advises manufacturers to act early. Work with suppliers and operators to define secure network zones and update processes. Proactive planning ensures compliance and boosts resilience.
Pilz supports manufacturers in meeting safety and cybersecurity standards. Without strong security, even advanced safety systems are at risk. Prevention is critical.
By adopting the CRA, manufacturers can ensure compliance, build customer trust, and stay competitive in a connected market. The CRA strengthens the EU’s digital ecosystem, and early action is key to success.