Written By: Mike Medoff, Co-chair of JT 62443-4-1
The clock is ticking for manufacturers selling products with digital elements into the European Union. By December 2027, compliance with the Cyber Resilience Act (CRA) becomes mandatory—meaning if your product doesn't meet these strict security laws, you won't…
The European Union’s Cyber Resilience Act (CRA) is set to introduce mandatory cybersecurity requirements for “products with digital elements”, including those used in Industrial Control Systems (ICS) and Operational Technology (OT) environments. This regulation, slated for enforcement beginning December 2027, aims to enhance cybersecurity across supply chains by…
The European Union Cyber Resilience Act (CRA) is a landmark regulation designed to enhance cybersecurity across hardware and software with digital elements that are offered for sale within the EU. As cyber threats continue to evolve, the CRA introduces mandatory security requirements for manufacturers to ensure that products…
Under the EU Cyber Resilience Act (CRA), product classification drives the compliance path—including the depth of required evidence and whether conformity can be supplier-led or requires third-party involvement. This post explains why programmable logic controllers (PLCs) used in operational technology (OT) environments are generally not “Hardware Security Boxes”…