The Cyber Resilience Act (CRA) is the EU’s new regulation aiming to make digital products — both hardware and software — more secure by design and throughout their lifecycle. It applies to nearly every connected product on the EU market, from smart fridges to SaaS platforms.
But what exactly counts as a “product with digital elements”? What are “essential cybersecurity requirements”? And how does this affect manufacturers, importers, or devs working with open-source?
This thread is for sharing what we understand (or don’t!) about the scope, goals, and implications of the CRA. Feel free to drop your own definition, key takeaways, or burning questions.