Germany: BSI publishes guidance on Cyber Resilience Act
On October 21, 2024, the Federal Office for Information Security (BSI) published guidance on the Cyber Resilience Act (CRA).
What questions does the guidance answer?
The guidance explains, among other things, that a product falls within the scope of the CRA if:
- it uses digital elements or is a software product;
- it will be launched on the EU market from the end of 2027;
- it does not fall under one of the five exceptions: medical devices, vehicles, in vitro diagnostics, civil aviation, and products in the context of national security; and
- it is not free open-source software without the intention to make a profit.
The guidance further addresses questions such as the applicability of the CRA to small and medium-sized enterprises (SMEs) and microenterprises, requirements on cybersecurity, conformity declaration, disclosure of vulnerabilities, and software updates.
Additionally, the BSI noted that in order to make the requirements of the CRA more tangible, it is developing a technical guideline in which the requirements for manufacturers and products with regard to cyber resilience will be described clearly and specifically.
You can read the guidance, only available in German, here.