Summary

National Cybersecurity Authorities play a crucial role in enforcing and supporting the implementation of the Cyber Resilience Act (CRA) by ensuring compliance with cybersecurity requirements, promoting skill development, and facilitating cooperation among market surveillance authorities.

Relevant CRA Provisions

Detailed Explanation

The CRA emphasizes the importance of National Cybersecurity Authorities in ensuring the cybersecurity of products with digital elements within the EU. These authorities are responsible for conducting market surveillance, verifying compliance with the CRA’s requirements, and addressing cybersecurity risks. They are encouraged to engage in joint activities with other authorities to enhance their effectiveness. Additionally, the CRA highlights the need for collaboration between national authorities and other stakeholders, including the private sector and consumers, to develop and enhance cybersecurity skills. This is crucial for the successful implementation of the CRA and for addressing the cybersecurity skills gap within the Union.

Obligations for Stakeholders

National Cybersecurity Authorities: Must conduct market surveillance, ensure compliance with the CRA, engage in joint activities with other authorities, and promote the development of cybersecurity skills among professionals. They should also cooperate with authorities supervising the application of Union data protection law.

Manufacturers: Should ensure that their staff possess the necessary cybersecurity skills to comply with the CRA’s obligations. They are encouraged to engage in re-skilling or up-skilling initiatives.

Member States: Are required to ensure that market surveillance authorities and conformity assessment bodies are adequately staffed with professionals having the necessary cybersecurity skills. They should also support manufacturers, especially microenterprises and SMEs, in skill development for compliance with the CRA.