Summary

The Cyber Resilience Act (CRA) facilitates international trade through Mutual Recognition Agreements (MRAs) with third countries, promoting global cyber resilience and standards harmonization. These agreements enhance compliance and cross-border cybersecurity collaboration.

Relevant CRA Provisions

• Recital (123)
• Article 34

Detailed Explanation

The CRA aims to promote international trade in regulated products with digital elements by establishing Mutual Recognition Agreements (MRAs) with third countries. These agreements are based on mutual acceptance of certificates, marks of conformity, and test reports issued by the conformity assessment bodies of either party. MRAs are concluded with countries that have a comparable level of technical development and a compatible approach to conformity assessment. This facilitates trade and strengthens global cyber resilience by ensuring that products meet consistent cybersecurity standards across borders. The Union may conclude these agreements in accordance with Article 218 TFEU to further facilitate trade and enhance cybersecurity frameworks both within and outside the Union.

Obligations for Stakeholders

Manufacturers, importers, and distributors of products with digital elements must ensure compliance with the CRA’s cybersecurity requirements, particularly when engaging in international trade. They should be aware of the MRAs in place and the mutual acceptance of conformity assessment results. Stakeholders should also stay informed about the standards and requirements of third countries to ensure seamless compliance and market access. Cooperation with market surveillance authorities and adherence to best practices developed under the CRA will further facilitate compliance and enhance cybersecurity across global supply chains.