Get ready for the new EU Cyber Resilience Act (CRA). Assess your level of adherence to the CRA Essential Cybersecurity Requirements and improve the cyber resilience maturity of your product and company processes. The Applus+ Cyber Resilience Mark assesses the products' adherence to the CRA (Cyber Resilience Act) essential requirements, for ‘Default’ or ‘Unclassified’ categories.
The CRA regulation will enter into force on 11 December 2024, and manufacturers will have until 11 December 2027 to apply its requirements, with a shorter period, until 11 September 2026, for manufacturers' reporting obligations for incidents and vulnerabilities. The CRA will impact a wide range of businesses selling their digital products in Europe, but with different degrees of stringency. Read our publication to get a deeper understanding of the CRA essential requirements and affected products.
All vendors affected by the new regulation should start preparing and assess their company’s cyber resilience maturity, as compliance will affect product development at its core. Applus+ Laboratories has developed a new Certificate of Conformity aimed at vendors of non-critical products that will qualify as ‘Default’ or ‘Unclassified’, as defined by the CRA. Around 90% of the impacted products are expected to be in this category. Although those vendors can opt for a self-assessment, compliance with CRA requirements would be a legal obligation, including the provision of all the evidence needed (with potential fines for non-compliant companies).
Applus+ Laboratories has developed an internal methodology based on the European Fixed-time cybersecurity evaluation methodology for ICT products (FITCEM) EN 17640:2022.
FITCEM EN 17640:2022 is a generic framework to develop evaluation methodologies based on a set of pre-defined tasks. It was developed by CEN CENELEC to standardize existing national methodologies like LINCE (Spain), CSPN (France) or BSZ (Germany) with the participation of Applus+ Laboratories experts as co-editors. Our internal methodology is an instantiation of FITCEM, tailored to the future requirements of the CRA. Our experts in different technologies can analyze the specific needs depending on the type of product.
The manufacturer shall provide the following evidence included in the Technical File/Technical Documentation (see CRA Annex II and Annex V):
The outcome of the evaluation is a CoC (Certificate of Conformity) that lists how many of the product and vulnerability handling requirements are met. The CoC will be accompanied by the right to use the Applus+ Cyber Resilience mark.
Applus+ Laboratories is your partner in building a cyber resilient digital future. We are one of the top 3 cybersecurity labs for Common Criteria certification. We are top-notch experts in security evaluation, offering more than 20 cybersecurity schemes for different verticals, from Payment to IoT, to Automotive or Cryptography for Defense applications.
Whether your products will classify as Default, Class I or Class II, the Applus+ Cyber Resilience Conformity mark:
Contact us to learn more about how Applus+ Cyber Resilience Mark can elevate your cybersecurity posture and provide a competitive edge in today's digital world.