- Home >
- Services >
- Access to Knowledge >
- Trend Monitor >
- Type of Threat or Opportunity >
- Trend snippet: Cyber Resilience Act (CRA), European Commission
Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
visible on larger screens only
Please expand your browser window.
Or enjoy this interactive application on your desktop or laptop.
Cyber Resilience Act (CRA), European Commission
The Act would see inadequate security features become a thing of the past with the introduction of a harmonized standard and mandatory cybersecurity requirements for manufacturers and retailers of products, with this protection extending throughout the product lifecycle.
The problem addressed by the Regulation is two-fold.
- the inadequate level of cybersecurity inherent in many products, or inadequate security updates to such products and software.
- the inability of consumers and businesses to currently determine which products are cybersecure, or to set them up in a way that ensures their cybersecurity is protected.
When the Regulation enters into force, software and products connected to the internet would bear the CE marking to indicate they comply with the new standards. It will apply to all products connected directly or indirectly to another device or network except for specified exclusions such as open-source software or services that are already covered by existing rules, which is the case for medical devices, aviation and cars.
The general principle is that for the products on the market, a self-assessment of compliance with the requirements will be sufficient. For certain categories of more critical products, the application of harmonised standards will be required. For even more critical products, a third-party assessment will be mandatory.
The act was already passed by the European Parliament but still needs to be officially approved by the Council of the European Union and will officially enter into force on the twentieth day following its publication in the Official Journal of the European Union.