European Union regulation | Text with EEA relevance |
---|---|
Title | Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) No 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act) |
Journal reference | OJ L, 2024/2847, 20.11.2024 |
Pending legislation | |
The Cyber Resilience Act (CRA) is an EU regulation, proposed by the European Commission on 15 September 2022, that aims to improve cybersecurity and cyber resilience in the EU through common cybersecurity standards for products with digital elements, such as required incident reports and automatic security updates.[1] Products with digital elements are mainly hardware and software whose "intended and foreseeable use includes direct or indirect data connection to a device or network".[2]
After publication of the draft proposal, multiple open source organizations criticized the CRA for creating a "chilling effect on open source software development".[3] The European Commission reached political agreement on the CRA on 1 December 2023, after a series of amendments.[4] The revised bill introduced the "open source steward", a new economic concept, and was met with relief by many open source organizations because of its exception for open-source software,[5] while Debian criticized its effect on small businesses and redistributors.[6] The CRA agreement received formal approval by the European Parliament in March 2024.[7] It was adopted by the Council on 10 October 2024.[8]