The Cyber Resilience Act: Why, What, How, and When?

In December 2024, the European Union (EU) introduced the new Cyber Resilience Act (CRA), a comprehensive, product-specific cybersecurity regulation covering virtually all network-connected information technology products, hardware or software. Motivated by persistent cybersecurity vulnerabilities, inadequate product information, and insufficient security updates, the CRA aims to enhance cybersecurity throughout the EU and beyond, improve consumer decision-making, and yield significant economic benefits despite compliance costs. This presentation will explain why the CRA was introduced, outline its key obligations regarding so-called essential cybersecurity requirements, and clarify its implementation timeline. Additionally, the talk will address potential compliance challenges ahead within diverse industry sectors in Denmark and Finland.

Speaker:

Jukka Ruohonen, Assistant Professor, SDU