The European Cyber Resilience Act
The European Cyber Resilience Act
Posted Sep 25, 2023 22:51 UTC (Mon) by Wol (subscriber, #4433)In reply to: The European Cyber Resilience Act by Wol
Parent article: The European Cyber Resilience Act
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52022PC0454
You need BOTH documents on that page, they work together.
SaaS is NOT covered. The CRA defers to a new, yet-to-be-written, similar Regulation or Directive. That Regulation/Directive will be similar in spirit to the CRA.
Cheers,
Wol
Posted Sep 28, 2023 11:38 UTC (Thu)
by kleptog (subscriber, #1183)
[Link]
I do encourage people to do this. The original article above actually links directly to the original version (first link) and the amended versions by the Council[1] and Parliament[2] (under current state), so you can get an idea of where this is heading.
If nothing else, read just the recitals that come before the articles. While not explicitly legally binding they do provide guidance as to the how and why of the Act. They are written in straight-forward English and in the case of any ambiguity, the recitals make the difference. They also go into way more detail about how this is intended to work.
If you're into software design, the recitals are the equivalent of requirements & use cases.
Repeating the links in case people missed them.
[1] https://data.consilium.europa.eu/doc/document/ST-11726-20...
The European Cyber Resilience Act
[2] https://www.europarl.europa.eu/meetdocs/2014_2019/plmrep/...