INDUSTRY INITIATIVE
ei3 and OMAC release guide on EU CRA Act compliance best practices
Cyber attacks pose a significant threat to businesses, with projected damages reaching $10.5 trillion USD annually by 2025. The European Commission has responded with the Cyber Resilience Act (CRA), which requires compliance for all digital products sold in EU markets. Non-compliance penalties are severe, with fines of up to 15,000,000 EUR or 2.5% of total annual turnover. To help business leaders navigate CRA compliance and mitigate the associated risks, Adam Griffen, ei3’s Product Manager, led OMAC’s EU-CRA task force in collaboration with 18 industry experts to deliver an insightful executive report.
Drawing on in-depth discussions and surveys, the task force offers practical insights and up-to-date information on the CRA. Their collective expertise covers critical areas such as the legislative progress and potential enactment timeline of the CRA, the industries and entities it affects, guidelines on designing products for cybersecurity, and the establishment of best practices, among others, helping organizations safeguard their products and customers.
About the CRA Act Guide Document & Task Force
TOPICS
Essential Message
Sheds light on the rising threat of cyber attacks globally, which has resulted in the EU establishing the CRA with significant penalties for non-compliance.
CRA Executive Summary
Outlines the CRA Act, highlighting how it applies to all products with digital elements and sets minimum security requirements and vulnerability handling procedures.
Current Status of the Legislation
Provides the latest information on the progress and potential enactment timeline of the CRA, ensuring businesses stay informed and prepared for compliance.
Businesses Impacted by the CRA
Highlights how compliance responsibilities extend throughout the product lifecycle, involving various economic operators in the supply chain, including the Manufacturer, Importer, Authorized Representative, and Distributor.
Security Properties of Products with Digital Elements
Provides insights into the design requirements products must meet to achieve an appropriate level of cybersecurity, and emphasizes that manufacturers must keep documentation current and deliver security updates throughout the product’s life.
Security Vulnerability Handling Procedures
Breaks down how manufacturers must promptly report security vulnerabilities to ENISA and provide necessary documentation, including a Software Bill of Materials (SWBOM).
Compliance Evidence and Certification Procedures
Describes how to demonstrate EU-CRA compliance and what that entails, including providing evidence of adherence to product lifecycle and vulnerability handling processes.
Good Practices and Practical Guidance
Offers practical best practices for the business as a whole, as well as product-specific guidance for effective compliance and cyber resilience.
PARTICIPATING ORGANIZATIONS
This task force draws upon a diverse range of industry expertise, offering insights from machine builders, technology providers, system integrators, and end users. Participating organizations include:
- Global OEMs such as ID Technology, ProMach, Markem-Imaje, Rychiger Group, and Mettler-Toledo,
- Leading manufacturing companies such as Corning, P&G, and Arla Foods,
- System integrators like MartinCSI,
- Technology companies like ei3 Corporation, Mitsubishi Electric, Cisco, Domino Printing Sciences, Siemens, and Rockwell Automation, and
- Industry Associations like PMMI