{"id":6022,"date":"2024-11-25T08:07:23","date_gmt":"2024-11-25T08:07:23","guid":{"rendered":"https:\/\/gitprotect.io\/blog\/?p=6022"},"modified":"2025-01-31T09:02:19","modified_gmt":"2025-01-31T09:02:19","slug":"cyber-resilience-act-what-does-it-mean-for-your-digital-business","status":"publish","type":"post","link":"https:\/\/gitprotect.io\/blog\/cyber-resilience-act-what-does-it-mean-for-your-digital-business\/","title":{"rendered":"Cyber Resilience Act: What Does It Mean For Your Digital Business?"},"content":{"rendered":"\n

Software developers push thousands of lines of code every day, helping enterprises shape the tools and applications we all rely on, starting from banking<\/u><\/a> to entertainment. However, we shouldn\u2019t forget that behind every successful deployment lies a hidden challenge – what cyber security measures should be taken to protect the source code, hardware and software products, and critical company and customer data?\u00a0<\/p>\n\n\n\n\n\n\n\n

To help digital businesses address cyber threats and improve their cyber resilience, the European Commission proposed Cyber Resilience Act (CRA). So, let\u2019s get a sneak peek at what CRA is, how to meet its requirements, and actually who should follow that regulation. <\/p>\n\n\n\n\n\n

EU Cyber Resilience Act: who is it for?<\/h2>\n\n\n\n

Before we jump at understanding what the CRA is, let\u2019s figure out who this cyber legislation is for. Well, the reach of it is wide – from the companies that operate within the European Union to those that operate outside but supply their services or products to the EU markets. <\/p>\n\n\n\n

Digital technologies such as smart devices, operating systems, software – all of the mentioned is in the focus of the CRA. A broad range of industries, encompassing hardware and software manufacturers, Internet of Things (IoT), device providers, and developers of network-connected critical infrastructure should follow the requirements of the Cyber Resilience Act.<\/p>\n\n\n\n

Are there any exceptions?<\/h3>\n\n\n\n

Free and open-source software that is freely available and not generating income doesn\u2019t fall under the Cyber Resilience Act.<\/p>\n\n\n\n

The exception here is open-source software from which developers can derive income, for example, if it has paid support or commercial data use – then, it will need to comply with the CRA. <\/p>\n\n\n\n

Also, pure SaaS providers that do not process remote data are excluded from the CRA and they shouldn\u2019t comply with the regulation\u2019s requirements.<\/p>\n\n\n\n

What the EU Cyber Resilience Act is<\/h2>\n\n\n\n

Proposed in 2022 by the European Commission and passed by the European Parliament in March 2024, the EU Cyber Resilience Act comes into force on December 10th, 2024. Since that moment organizations have 3 years to ensure that their services and products meet the CRA\u2019s requirements to remain eligible for operating in the EU.<\/p>\n\n\n\n

The main goal of this EU legislation is to address the issue of low-level cybersecurity measures and vulnerabilities that companies face. According to the CRA\u2019s findings<\/u><\/a>:<\/p>\n\n\n\n

\n

\u201cEuropean organizations are the most targeted in the world by cyber attacks\u2026 Attacks will cost US$ 10.5 trillion by 2025, a 15% increase in cost every year.\u201d<\/em><\/p>\n<\/blockquote>\n\n\n\n

The key CRA\u2019s goals<\/h3>\n\n\n\n

Well, let\u2019s sum up the top goals the European Commission sees by adopting the legislation:<\/p>\n\n\n\n