Summary

The Cyber Resilience Act (CRA) aims to foster innovation in cybersecurity technologies by creating supportive frameworks and incentives for research and development. This enhances the overall security ecosystem within the EU.

Relevant CRA Provisions

Recitals: Recital 7, Recital 23, Recital 127, Recital 128

Articles: Article 10, Article 12

Detailed Explanation

The CRA supports innovation in cybersecurity technologies through several mechanisms. Recital (7) highlights the need for an ambitious regulatory framework to establish specific Union cybersecurity requirements for digital products. Recital (23) emphasizes the importance of adequate cybersecurity skills and the need for Member States to ensure that market surveillance authorities and conformity assessment bodies are staffed by adequately trained professionals. Recital (127) and (128) provide support to microenterprises and small and medium-sized enterprises, including start-ups, to facilitate their compliance with the CRA and enhance their capacity and skills related to cybersecurity.

Article 10 focuses on enhancing skills in a cyber resilient digital environment by promoting measures to develop cybersecurity skills and increase collaboration between various stakeholders. Article 12 addresses high-risk AI systems, ensuring they comply with essential cybersecurity requirements and can participate in AI regulatory sandboxes, thus fostering innovation while maintaining security standards.

Obligations for Stakeholders

  • Member States: Promote measures to develop cybersecurity skills, support microenterprises and SMEs, and ensure that market surveillance authorities and conformity assessment bodies are adequately staffed with trained professionals.
  • Manufacturers: Ensure their staff has the necessary cybersecurity skills to comply with the CRA’s obligations. Participate in AI regulatory sandboxes for high-risk AI systems.
  • Microenterprises and SMEs: Utilize available support from the Digital Europe Programme, European Cybersecurity Competence Centre, and other Union programmes to enhance their cybersecurity capabilities and compliance with the CRA.