When a FOSS Patch Becomes a Legal Obligation: CRA Vulnerability Handling and the New Responsibility of Integrators

17.04.2026

Dr. Andreas Kotulla

Cyber Resilience Act

The Cyber Resilience Act (CRA) introduces a subtle but profound shift in how manufacturers must think about open source software. For years, integrating free and open-source software (FOSS) into products largely meant relying on upstream maintainers for fixes, monitoring vulnerabilities, and updating when patches became available. Under the CRA, that passive model no longer holds. In certain situations, a vulnerability


CRA and Security Incidents Outside EU

11.03.2026

Dr. Andreas Kotulla

Cyber Resilience Act

When a Security Incident Happens Outside the EU: Does the CRA Still Apply?

The global nature of cybersecurity raises a practical question for manufacturers. If an actor exploits a vulnerability outside the European Union, do the Cyber Resilience Act (CRA) reporting and remediation obligations still apply? The short answer is yes. If a manufacturer places a product on the EU


SaaS Is Not a Blanket Exemption: Remote Data Processing, SBOMs, and the CRA

11.03.2026

Dr. Andreas Kotulla

Cyber Resilience Act

Software companies often rely on a familiar distinction: regulators target products, not services. They have viewed cloud delivery models, subscription-based offerings, and remote processing as business innovations, and also as ways to reduce regulatory exposure. The EU Cyber Resilience Act (CRA) challenges this assumption. Under the CRA, the key question is not whether a company markets


Cyber Resilience Act and Legacy Products

10.03.2026

Dr. Andreas Kotulla

Cyber Resilience Act

One of the frequently asked questions surrounding the Cyber Resilience Act (CRA) concerns legacy products. Manufacturers ask whether they can sell older products in the EU after 11 December 2027 without updates. This blog explores the issue amid evolving CRA standards and upcoming compliance deadlines.

CRA Scope and Market Placement

The CRA applies to products placed on the market from


Understanding the Cyber Resilience Act and Its Impact on the Automotive Industry

28.03.2025

Dr. Andreas Kotulla

Cyber Resilience Act

As cars become more like computers on wheels, cybersecurity is becoming a major concern. With vehicles now connected to the internet and relying heavily on software, protecting them from cyber threats is essential. The Cyber Resilience Act (CRA) is a new European law designed to improve cybersecurity for digital products. While it does not directly apply to cars themselves (since
