On 12 March 2024, the European Parliament adopted the text of the Cyber Resilience Act (CRA), marking a significant milestone in cybersecurity legislation. As the CRA nears the end of its legislative process, it remains a focal point of the cybersecurity debate in Brussels. Despite having the text finalised, many details concerning its implementation still need clarification. To address this, the European Cyber Security Organisation (ECSO) conducted a survey to understand the industry’s challenges in implementing the CRA. The survey results highlight concerns, questions, and suggestions from the cyber ecosystem regarding the CRA implantation.

The primary challenges identified by the survey include the lack of clarity on product categories, proposed timelines for implementation, and conducting risk and conformity assessments. These challenges have been echoed in recent events and debates in Brussels concerning cyber standardisation, certification, and the CRA. Additionally, the survey results have informed the focus areas of ECSO’s Working Group 1 on Trusted Supply Chain, aiming to develop concrete outcomes to support and facilitate CRA implementation while providing organisations with necessary tools and guidelines.

In conclusion, the journey towards implementing the Cyber Resilience Act is marked by challenges that require careful navigation. The insights gathered from industry stakeholders will be instrumental in ensuring the successful and smooth implementation of the CRA, ultimately strengthening Europe’s cybersecurity framework.

The document is available here.