The Cyber Resilience Act (CRA) is now officially in force (on 10 December 2024). The CRA lays down cybersecurity requirements for placing products with digital elements (i.e. hardware and software) on the EU market, and is intended to enhance their overall security. 

Keep a look out for our forthcoming practical guide on the CRA. Whilst the bulk of the requirements will fall on the manufacturer, and will be triggered in three years' time, some will start earlier. So, with GDPR-level fines in play, there's every reason to start assessing your role in the supply chain, which of your products are likely to be in scope of the CRA, and the requirements that will apply. More to follow shortly.