When a Security Incident Happens Outside the EU: Does the CRA Still Apply? The global nature of cybersecurity raises a practical question for manufacturers. If an actor exploits a vulnerability outside the European Union, do the Cyber Resilience Act (CRA) reporting and remediation obligations still apply? The short answer is yes. If a manufacturer places a product on the EU

Open source is everywhere: Hardly any product today can do without digital components, from electric toothbrushes and baby monitors to smartwatches. Less obvious to many users is the security risk that such products pose for the end users. The new European Cyber Resilience Act (CRA) aims to ensure that consumers receive secure products. The regulation was announced in the EU