The European Commission adopted the Cyber Resilience Act (CRA) on October 10, 2024 to enhance the cybersecurity of connected products with digital elements, including IoT devices. The CRA sets EU-wide cybersecurity requirements for the design, development, and production of hardware and software, requiring affected products to display the CE marking as proof of compliance.
The CRA enters into force on October 30, 2024, with full application starting 36 months later on October 30, 2027.