Europe’s digital transformation is increasing exposure to cyber threats. Yet many products and services still lack “security by design and by default” across their life cycle. The Cyber Resilience Act (CRA) addresses this by setting uniform, binding cybersecurity standards across the EU, strengthening trust in digital technologies and supporting Europe’s competitiveness.
We welcome the goals of the CRA. This position paper proposes numerous solutions to make the CRA workable in practice until it comes into full effect. Key recommendations include aligning the CRA with sector-specific rules and international standards to avoid duplicate testing, setting realistic timelines and transitional arrangements, and taking a pragmatic, risk-based approach to legacy products to prevent market disruption.
