What does the new Cyber Resilience Act mean for embedded developers?
Direct Insight, has published a ‘101’ to assist embedded developers to understand new EU legislation which will require companies to consider the cyber security of any products that carry the CE mark. The EU Cyber Resilience Act (CRA) will become EU law this year, and non-compliance penalties start at €15m.
Commented David Pashley, CEO of Direct Insight: “Even with many years of experience in developing secure systems, the CRA is a complex, 338-page document. But If you normally CE mark your products in order to sell them in the EU, then your products must comply, no matter where you are based.”
The most pressing items to consider are secure boot, and a secure update process (ideally OTA), as these may be difficult features to add retrospectively.
Full details and a clear explanation of the CRA are provided in a new blog – the first of a series – https://blogs.directinsight.co.uk/eu-cyber-resilience-act-101-for-embedded-developers/.