10/14/2024 | Press release | Archived content
The Cyber Resilience Act (CRA) was published recently in the Official Journal of the EU. The regulation contains specifications for the cybersecurity of products with digital elements. Affected companies now have 36 months to implement the requirements contained in the CRA. Certain reporting obligations must be fulfilled within the next 21 months. Who exactly is responsible? And what does the CRA require?
EU legal act on cyber resilience: The aim of the CRA is to provide better protection from cyber attacks for consumers and businesses. The CRA contains a variety of specifications for manufacturers, importers and distributors of products with digital elements, which are capable of communicating with other products. This includes hardware and software products. In other words, products from the B2C segment such as smartphones or robotic vacuum cleaners are affected by this, as are those from the B2B segment such as controllers and sensors, as well as pure software products such as operating systems. The CRA was published in the Official Journal of the European Union on xx.xx.xxxx. As a regulation, this law applies immediately in EU member states. However, companies have 36 months in which to meet the new specifications.
The key requirements for machine manufacturers
What machine manufacturers can do now
As an expert in Safe and Secure automation, Pilz recommends that all machine manufacturers address the requirements of the CRA promptly, and work with component manufacturers and operators to develop cooperation concepts. In which network zone should a machine be operated? How should software updates be handled? If questions like these are clarified in advance, each economic operator can fulfil its new organisational and technical obligations. For decades, Pilz has been supporting machine builders and users with the Safety of their plant and machinery - including with the new requirements for Industrial Security. Because without Security, a machine with all its Safety measures is vulnerable and unprotected. Precautionary measures are a must.
2 practical tips for implementing CRA specifications