Jurisdiction(s):
European Union

EU Cyber Resilience Act (Regulation (EU) 2024/2847): obligations across the supply chain, standards and CE marking, conformity assessment, vulnerability reporting, enforcement, penalties and practical steps for compliance

Published by a LexisNexis EU Law expert

Practice notes

This Practice Note sets out the responsibilities of manufacturers, authorised representatives, importers and distributors under Regulation (EU) 2024/2847, the EU Cyber Resilience Act (CRA). It further considers enforcement and sanctioning under the CRA and explains what the new obligations mean for organisations in practical terms. For additional background and scope on the CRA, see the following Practice Notes:

The EU Cyber Resilience Act—overview and regulatory framework
The EU Cyber Resilience Act—scope and classification of products

The CRA is landmark EU legislation introducing mandatory cybersecurity requirements for ‘products with digital elements’ across the EU. Any product that fails to meet those requirements will be ineligible for placement on the EU market from December 2027. Accordingly, adherence to the CRA will be critical for securing access to the EU market for both hardware and software products. Manufacturers, importers and distributors of such products will shoulder extensive cybersecurity duties and risk substantial fines where they do not comply. The CRA was published in the Official Journal of the EU (OJEU) on 20 November 2024, entered into force on 10 December 2024, and will apply in full from 11 December 2027.

Manufacturer obligations

The CRA...

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Dr Henrik Hanssen

Hogan Lovells International LLP

Henrik Hanssen is an expert for data, data privacy, AI, IT, cybersecurity, e-commerce and digital media law. He advises national and international companies on regulatory challenges in the digital sector and represents his clients in contract negotiations, proceedings with regulators and in court proceedings. He brings extensive experience in the creation of practicable solutions to challenges under regulations such as the GDPR, the EU Data Act and EU AI Act, whether it is the evaluation of new products, coordinating regulatory compliance implementation projects, the drafting of policies, notices, agreements and other legal texts, in-house trainings or contentious matters. Due to several secondments, including with a leading global cloud computing provider, Henrik has special expertise in the tech industry and the field of cloud computing, and is familiar with the work and view of an in-house counsel. Prior to his career as attorney, Henrik studied law in Kiel with a...

Web page updated on 21/05/2026

Popular documents

Using the Judicial College Guidelines to assess general damages in personal injury claims

When evaluating a general damages claim, the practitioner ought initially to refer to the Judicial College Guidelines (JCG)...

Tomlin orders in England and Wales: CPR guidance on drafting, confidentiality, approval, variation, enforcement, limitation, CCA issues, court-specific requirements, sample wording and precedents

This Practice Note This Practice Note reviews mechanisms used in settling litigation. A Tomlin order consists of a consent order paired with a schedule. It operates to stay proceedings on terms that have been agreed. The provisions contained in the schedule may remain confidential. This Practice Note describes the scope of confidentiality attaching to the schedule and sets out how it differs from a standard consent order. Sample wording for a Tomlin order is included, alongside links to precedents, as well as guidance on court approval. It also addresses varying, setting aside and enforcing a Tomlin order, including the considerations the court will take into account when handling applications for each. Further guidance is provided on interpreting and applying the relevant provisions of the CPR; however, some courts and divisions impose very specific requirements for both drafting and approval, and for approaching the schedule and confidentiality issues. Accordingly, you must consider the particular rules and court guide provisions in the forum where your claim is proceeding when drawing up the Tomlin order...

Precedent: Deed of Surrender of Lease with Optional Premium, Settlement and Release, Landlord, Mortgagee and Guarantor Consents, Reimbursement and HM Land Registry Provisions (England and Wales)

Date [ date ] Parties [ name of Landlord ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Landlord) [ name of Tenant ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Tenant) [ [ name of Guarantor ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Guarantor) ] [ [ name of Mortgagee ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Mortgagee) ] Definitions Within this Deed, the terms below shall be interpreted as follows: [ Annual Rent • the annual sum reserved under the Lease; ] [ Insurance Rent • the Tenant’s share of the Landlord’s costs of insuring the Property (as set out in the Lease); ] Lease • the lease of the Property dated [ date ], entered into between (1) [ the Landlord OR [ name ...

Precedent Statutory Declaration: Standard Wording under the Statutory Declarations Act 1835

I, [ name ], of [ address ], solemnly and sincerely state that: [ Matters to be verified, set out in numbered paragraphs ] I make this solemn statement in good conscience, believing it to be true, and pursuant to the provisions of the Statutory Declarations Act 1835. DECLARED at [ details ] this [ day ] day of [ month and year ] Before me ................................................................................ [ signature of the person before whom the declaration is made ] A [ commissioner for oaths OR [ solicitor OR [ insert other qualification ] ] authorised to administer oaths ]...