News and analysis about cybersecurity standards.
View All Tags
On November 20, 2024, the Cyber-Resilience Act (CRA) was officially published in the EU's Official Journal as Regulation (EU) 2024/2847. This marks the final, formal step in a legislative process that will fundamentally reshape the market for connected devices.
The NIS 2 Directive (EU 2022/2555) was published in the Official Journal of the EU in December 2022, officially replacing the original NIS Directive. This new legislation significantly expands the scope of Europe's cybersecurity rules, imposing stricter risk-management and reporting obligations on a wider range of critical sectors.
In a move with major implications for the connected device market, the European Commission published Delegated Regulation (EU) 2022/30 in January 2022. This act officially activated the dormant cybersecurity clauses within the Radio Equipment Directive (RED), turning what were once recommendations into hard legal requirements.
In a significant step forward for cybersecurity, ETSI formally published EN 303 645 in June 2020. This standard establishes a baseline for the security of internet-connected consumer devices, providing a practical, risk-based framework for manufacturers.