The CRA, which was recently adopted by the Council of the European Union's Ministers of the Interior, is intended to better ensure the cybersecurity of products entering the European market.
Experts at the VDE Institute welcome this cybersecurity upgrade within the EU. ‘Any measure that increases consumer protection also increases security and trust in connected products,’ emphasizes Alexander Matheus, Senior Expert for Cybersecurity at the VDE Institute. At the same time, however, he points out that the CE mark is not a safety mark. ‘At the moment, it is not yet clear what cybersecurity for the CRA will look like in detail. However, we assume that proof can be provided via self-created documents.’ This carries the risk that distributors could be overwhelmed by cybersecurity requirements. And consumers will hardly be able to check whether all requirements have actually been met based on the documents and thus whether they are looking at a secure product or system.
The VDE Institute is developing certificates of compliance that are intended to cover the requirements of the CRA. This way, consumers will have an even better overview of the cybersecurity of a product. The VDE Institute has years of experience in testing cybersecurity and data security. Preliminary audits and workshops on the CRA are already available. In free online seminars, manufacturers and distributors can also keep up to date with the latest requirements.
