TÜV NORD subsidiary TÜVIT supports companies in implementing the Cyber Resilience Act
TÜV NORD GROUP welcomes the Cyber Resilience Act (CRA) of the European Union, which has just come into force. It lays down binding cyber security requirements for networked devices and software, including smart televisions, smart toys and fitness bracelets. TÜV NORD GROUP believes that the new regulation is a significant step towards increased security and protection for consumers and companies in the digital world.
The CRA aims to strengthen the resilience of digital products against cyber attacks. Jacques Kruse Brandao, Global Head of Advocacy at TÜVIT, a TÜV NORD GROUP company, explains: “The Cyber Resilience Act establishes, for the first time, mandatory security requirements for almost all connected devices and software on the market in the EU. This is a decisive step forward for cyber security.”
The CRA obliges manufacturers, retailers and importers to take IT security and data protection into account as early as the development process. This is done according to the principles of “security by design” and “privacy by design”. IT expert Kruse Brandao: “The devices must be configured in such a way that they can be operated securely straight away. Security updates must be installed automatically in order to close any vulnerabilities that are subsequently discovered as quickly as possible”
TÜVIT offers comprehensive services to support manufacturers in complying with these new requirements. For example, tests ensure that products meet the high security standards. “Manufacturers who have so far paid little attention to cybersecurity should reorganize their development processes. We at TÜVIT are ready to accompany them on this path,” emphasizes Kruse Brandao.
The CRA came into force on December 11, 2024 and includes transitional periods until 2027 to give manufacturers time to adapt. Vulnerabilities exploited by hackers must be reported to customers and authorities as early as September 2026 “The supervisory authorities will check whether the requirements have been met. Violations could result in fines of up to 15 million euros or up to 2.5 percent of annual global turnover,” Kruse Brandao explains.
Further information can be found here.
Founded over 150 years ago, we stand for security and trust worldwide. As a knowledge company, we have our sights firmly set on the digital future. Whether engineers, IT security experts or specialists for the mobility of the future: in more than 100 countries, we ensure that our customers become even more successful in the networked world.