The CRA ensures that digital products must meet strict cybersecurity requirements before being placed on the European market. Both consumers and business users need to trust that digital products - from digital doorbells to accounting software - are secure.
Responsibility lies with the manufacturer. Are you a manufacturer of digital products? You must ensure your products are secure. Additionally, you are required to provide free security updates throughout the product's lifetime and report any digital vulnerabilities or incidents to customers immediately.
The CRA is expected to apply to all manufacturers, regardless of the size of your company. This is a broader approach compared to NIS2L (Network and Information Security Directive), which only applies to medium and large companies. Every product with digital elements that you want to bring to market in the EU will need to comply with this.
✓ One-stop-shop: services for OT, IT, and IoT under one roof
✓ Independent, objective assessments
✓ Expertise in laws and regulations
✓ Proven quality in testing, inspection, certification and training
✓ Forward-looking vision on cybersecurity
Our experts have deep knowledge and experience in specific fields. Questions, dilemmas, or just curious? We’re happy to share our insights.
Kiwa is now officially accredited for EN 18031 parts 1, 2 and 3 – the newly introduced European cybersecurity standards for products. This accreditation positions Kiwa among the first bodies in Europe to support manufacturers in meeting the requirements of the upcoming EU Cybersecurity Regulation, which becomes mandatory as of 1 August 2025.
The Cyber Resilience Act (CRA) is the first European law to introduce mandatory cybersecurity requirements for all digital products entering the EU internal market. A national consultation was recently concluded in the Netherlands to determine how this law should be implemented Dutch legislation. In the meantime, manufacturers, importers and distributors of products covered by the CRA can already start preparing for what’s to come.
The NEN 7510 standard for information security in the healthcare sector has been revised. The new NEN 7510-1:2024 was published on 16 December 2024 and replaces the previous version, NEN 7510:2017+A1:2020. The old version of the standard can still be used for certification under accreditation until 20 February 2027.
To implement AI safely and responsibly, international standards such as ISO 27001 and ISO 42001 play a crucial role. While ISO 27001 focuses on data protection, an AI management system (AIMS) under ISO 42001 is designed to manage and optimize the use of AI within an organization. By combining ISO 27001 and ISO 42001, businesses can develop a stronger and more proactive approach to information security.
