Review of the FHI members meeting CRA

On Tuesday 13 May, FHI organised a members meeting on the Cyber Resilience Act (CRA). Experts from the Ministry of Economic Affairs and Kiwa Netherlands came to Leusden especially for the FHI members.

All products with digital elements placed on the market after 11 December 2027 must be designed and manufactured to be inherently secure. The aim of the CRA is to implement cybersecurity at European level in the design and production of the products that European consumers, businesses and organisations use and depend on.

Two experts from the Ministry of Economic Affairs, Brenda van der Wal and Ashley Moes, and ethical hacker and cybersecurity specialist Kevin Veldman from Kiwa will give two presentations for FHI members. After an extensive introduction to the CRA, the experts will delve into the depths and there will be ample time for questions. Those present will gratefully make use of this and will test the experts' substantive knowledge. Van der Wal, Moes and Veldman will provide answers and explanations about the CRA from their own backgrounds and expertise. In doing so, they will provide a good picture of the purpose and scope of this European regulation. In addition, the representatives of the ministry, such as Veldman, will point out that not everything has been included in detail yet. "We are working very hard on the details," Van der Wal assures those present.

For detailed information about the CRA, van der Wal and Moes refer to the website of the RDI, the European Commission and to the text of the CRA in the Official Journal.

Key dates: On December 11, 2024, the CRA entered into force and the preparation phase begins towards December 11, 2027; the date by which all products with digital elements must comply with the CRA. The next important date is September 11, 2026. On this date, the reporting obligation for actively exploited vulnerabilities and incidents comes into effect. Manufacturers are required to report incidents to the NCSC.

At the end of the day, Van der Wal, Moes and Veldman advise the attendees to already make an inventory of what the CRA means for your organization. Forewarned is forearmed: make an inventory and think about what you can do now. The FHI members present nod in agreement and during the closing drinks the attendees continue discussing cybersecurity and the CRA until late in the afternoon.