Summary
The EU Cyber Resilience Act (CRA) includes specific provisions and support measures tailored to the unique needs of microenterprises and small and medium-sized enterprises (SMEs), including start-ups. These measures aim to facilitate compliance with the Regulation, reduce administrative burdens, and promote innovation while ensuring cybersecurity standards.
Relevant CRA Provisions
Recitals: Recital 5, Recital 6, Recital 93, Recital 94, Recital 96, Recital 127, Recital 128
Articles: Article 33
Detailed Explanation
The CRA acknowledges the distinct challenges faced by SMEs in complying with cybersecurity regulations. To address these challenges, the Regulation provides several tailored measures. Recital (5) specifies that the classification of enterprises should follow the provisions of Recommendation 2003/361/EC. Recital (6) calls for Commission guidance to assist SMEs, particularly regarding the scope of the Regulation and its implications. Recital (93) and Article 33(5) allow SMEs to use a simplified technical documentation form to reduce administrative costs. Recital (96) encourages conformity assessment bodies to consider the specific needs of SMEs when setting fees. Recital (127) and (128) promote the use of financial and technical support from Union programmes and the establishment of regulatory sandboxes to facilitate compliance. Recital (94) highlights the need to protect innovation by considering the interests of SMEs, including reducing translation costs for mandatory documentation.
Obligations for Stakeholders
- Member States: Organize awareness-raising and training activities, establish communication channels, support testing and conformity assessment, and consider setting up regulatory sandboxes (Article 33).
- Commission: Provide guidance for SMEs, advertise financial support, and specify a simplified technical documentation form (Article 33).
- SMEs: Utilize available support measures, including simplified documentation and regulatory sandboxes, to facilitate compliance with the CRA.
Leave a Reply