Ready for the Cyber Resilience Act?

The new European regulations from the Cyber Security Initiative were adopted by the EU Parliament in mid-March 2024 and are due to come into force in 2027.

It states that from 2027, all products and devices with digital elements may only be sold in the EU if regular security updates can be installed.

With the Cyber Resilience Act, the EU intends to encourage European companies and the economy as a whole to adopt higher security standards. The concept of "security by design & security by default" is intended to help ensure that security aspects are already taken into account during product development. The effects of the legislation can be serious. Porsche, for example, is stopping sales of the Macan in the EU because it cannot guarantee that it can be updated.

The answer to this is comparatively simple: if you want to sell devices in the EU in 2027 or later that have digital elements - i.e. a combination of hardware and software - then yes. This now applies to almost all devices that have a certain level of intelligence.

Particular attention is being paid to so-called "connected products". These are all products that have an interface. These include Wi-Fi, LAN, NFC, but also all industrial interfaces such as Modbus, CAN and RS485.

As blue-zone, we support our customers in these areas both in consulting and in the implementation or development support for their smart products. This applies both to the development of new products and to the updating of existing products to make them fit for the Cyber Resilience Act.