When designing, developing and producing any product with digital elements, the manufacturer will need to ensure that the product meets the essential cybersecurity requirements, carry out cyber risk and conformity assessments and comply with reporting obligations.
Importers, distributors and 'open-source software stewards' also have specific obligations.
The CRA itself is here, and the technical descriptions of 'important' and 'critical' products have just been published.
There is also an initial set of FAQs that seems likely to evolve as implementation proceeds.
The full implementation time line, with links to relevant docs, is set out here.
This post is for information purposes. Please let me know if you need advice on it, whether you're based in or outside the EEA.
No comments:
Post a Comment