Term · 28. International Regulations
EU CRA (Cyber Resilience Act)
Definition
EU regulation (Regulation (EU) 2024/2847; in force 10 Dec 2024) imposing cybersecurity requirements on products with digital elements (PDE) — covering software, hardware, IoT, and digital services placed on the EU market. Requires secure-by-design development, vulnerability handling, vulnerability/incident reporting to ENISA (early warning within 24 hours) from 11 Sep 2026, and CE marking; main obligations apply from 11 Dec 2027. Identity products and IAM platforms fall under CRA scope.
Synonyms
- Regulation (EU) 2024/2847

Application
- Affects manufacturers, importers, and distributors of products with digital elements sold in the EU. IDM/IAM vendors must demonstrate secure default configurations, vulnerability disclosure programs, security update mechanisms, and SBOM (Software Bill of Materials) documentation.

Sources
- Regulation (EU) 2024/2847 — Cyber Resilience Act (EUR-Lex), primary source
- European Commission — CRA overview, regulator
Related terms
- ENISA (European Union Agency for Cybersecurity): EU agency providing cybersecurity guidance, threat intelligence, and certification schemes across member states. Coordin …
- CMMC (Cybersecurity Maturity Model Certification): US Department of Defense framework certifying cybersecurity practices of Defense Industrial Base (DIB) contractors handl …
- CSA CCoP (Cybersecurity Code of Practice for CII, Singapore): Singapore Cyber Security Agency's mandatory Code of Practice for Critical Information Infrastructure (CII) operators acr …
- FedRAMP (Federal Risk and Authorization Management Program): US government program standardising security assessment and authorization of cloud services used by federal agencies. Th …
- MAS TRM (Monetary Authority of Singapore — Technology Risk Management Guidelines): Singapore central bank's prescriptive guidelines (revised 2021) for technology risk management at financial institutions …
- SOC 2 (System and Organization Controls 2): AICPA auditing framework for service organizations, evaluating controls relevant to five Trust Services Criteria: Securi …