Cyber Resilience Act: Standardization Request Officially Accepted by CEN, CENELEC, and ETSI

On 3 April, the Standardization Request for the Cyber Resilience Act (CRA) was officially accepted by CEN, CENELEC, and ETSI. In response to Mandate M/606 from the European Commission, the three European Standardization Organizations have committed to delivering harmonized standards well in advance – at least one year before the CRA enters into application.

These standards are vital to implementing the CRA and ensuring a consistent and robust approach to cybersecurity across the European Single Market, especially in the face of rapidly evolving digital threats.

 

The development of these standards is led by several technical committees, which play a central role in defining harmonized European Standards aligned with the essential cybersecurity requirements defined in the CRA. Their work supports manufacturers and developers in embedding cybersecurity-by-design and by-default principles into their products and systems – fully aligned with European values and regulatory expectations.

Two Classes of Standards

To meet the CRA’s diverse needs, the standardization effort will be divided into two classes:

  • Horizontal standards: Product-agnostic and framework-oriented, providing foundational guidance applicable across sectors.
  • Vertical standards: Product-specific, offering targeted requirements for particular categories of digital products.

Committees Involved

At CEN and CENELEC, the following groups are leading the work:

  • CEN-CLC/JTC 13 WG 9 and WG 6
  • CEN/TC 224 WG 17
  • CLC/TC 65X WG 3
  • CLC/TC 47X

At ETSI, a dedicated group has been established within ETSI TC CYBER. This new entity, the ETSI EUSR, will be responsible for delivering all standardization outputs assigned to ETSI under the CRA mandate.

 

Click here to access the full work programme and explore the deliverables assigned to each technical committee.

 

In a short introductory video, Ben Kokx, convenor of the CEN-CLC/JTC 13 WG 9, explains the purpose of the horizontal standards and extends an open invitation to stakeholders to join the CRA standardization efforts and contribute to shaping Europe's cybersecurity future.

SIMILAR NEWS

Our use of cookies

We use necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it. We won't set optional cookies unless you enable them. Using this tool will set a cookie on, your device to remember your preferences.

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

We'd like to set Google Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone.

I accept all cookies
)