The European Union has implemented a new law to strengthen the security of smart devices under the Cyber Resilience Act (CRA).Â
The legislation requires manufacturers to offer software updates and security fixes to address vulnerabilities throughout a product’s life cycle.
Compliance with the law will not be mandatory until December 2027, giving companies time to align with its standards.
The law targets connected devices such as smartwatches, internet-enabled toys, and home appliances.
Exceptions apply to certain devices, such as medical devices and vehicles, already covered by other EU regulations.
 Retailers and distributors are also responsible for ensuring that their products meet these new security requirements.
Manufacturers can use the CE marking to show that their products comply with the CRA.
Non-compliance will result in penalties managed by each country’s regulatory body.
 The maximum fine for significant breaches is 2.5% of global annual turnover or €15 million, while other breaches may incur lower fines.
This shift places more accountability on companies to prioritize consumer safety and cybersecurity as digital technology continues to expand across homes and daily life.
