Akin Attorneys Analyze EU Cyber Resilience Act Compliance Strategies
Akin's cybersecurity experts discuss the EU Cyber Resilience Act's broad scope and compliance requirements for international companies.
Akin's cybersecurity, privacy, and data protection senior counsel, Rita Heimes and Jenny Arlington, have co-authored an article in the Cybersecurity Law Report titled "What International Companies Should Do to Comply With the E.U. Cyber Resilience Act." The piece examines the European Union's Cyber Resilience Act (CRA), a comprehensive regulation governing digital products in the EU market. The authors highlight the CRA's extensive reach, encompassing most network-connected software and hardware, and emphasize its secure-by-design mandates, ongoing security obligations, and substantial penalties for non-compliance. They note that the CRA poses significant operational and financial risks for international companies, especially those offering "important" or "critical" products. The article also outlines the CRA's phased implementation timeline, with obligations commencing in June 2026 and mandatory vulnerability reporting starting on September 11, 2026. It identifies five priority steps companies should take to prepare for compliance and maintain access to the EU market.
Source
akingump.comFact-checking
Fact-check the facts of the article using external sources and databases.