EU's Cyber Resilience Act tightens rules—executives now face personal liability
The EU’s Cyber Resilience Act (CRA) has reshaped cybersecurity rules for businesses since its introduction in December 2024. The law now requires manufacturers, importers and distributors of products with digital components to meet strict security standards. Companies failing to comply risk serious consequences, including personal liability for executives. The CRA demands that security be built into products from the earliest design stages. This includes safeguarding all embedded third-party elements, placing full responsibility on manufacturers. From 11 September 2026, firms must also report actively exploited vulnerabilities and major security incidents within set deadlines.
To ease the transition, the EU’s SECURE programme provides €16.5 million in direct funding for small and medium-sized enterprises (SMEs) developing or distributing digital products. However, Germany’s draft law for implementing the CRA has faced criticism for not offering enough support to these businesses. Compliance with the CRA is now a boardroom priority. Beyond avoiding penalties, meeting its requirements can give companies an advantage in the market.
The first mandatory reporting rules under the CRA will begin in September 2026. Businesses must ensure their products meet the new cybersecurity standards or face legal and financial risks. Executives will also be held personally accountable if their companies fail to comply.