Home / EU Law / Data protection and cybersecurity / Cybersecurity
Powered by Lexis+®
Jurisdiction(s):
European Union

EU Cyber Resilience Act: material, personal and territorial scope; product classification; exemptions; and obligations of manufacturers, importers, distributors and open‑source stewards when placing products on the EU market

Copyright © 2026 LexisNexis
Published by a LexisNexis EU Law expert
Practice notes
imgtext

This Practice Note outlines the material, personal and territorial reach and application of Regulation (EU) 2024/2847, the EU Cyber Resilience Act (CRA). It further sets out how products are categorised under the CRA, including non‑critical, important and critical products. For further background on the CRA and the key obligations placed on economic operators, see the following Practice Notes:

  • The EU Cyber Resilience Act—overview and regulatory framework
  • The EU Cyber Resilience Act—obligations, compliance and enforcement

The CRA is the first EU measure of its kind, imposing mandatory cyber security standards for ‘products with digital elements’ across the Union. Items failing to satisfy these requirements will be barred from sale on the EU market from December 2027 onwards. Meeting the CRA will therefore be vital for market entry into the EU for both hardware and software. Manufacturers, importers and distributors of such products will shoulder extensive cyber security duties and may face significant financial penalties if they fail to comply. The CRA was published in the Official Journal of the EU (OJEU) on 20 November 2024, and subsequently took effect on 10 December 2024, and will apply in full from 11 December 2027 across the EU.

Material scope

The CRA’s material scope...

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.
CONTINUE READING
Henrik Hanssen
Dr Henrik Hanssen

Hogan Lovells International LLP

Henrik Hanssen is an expert for data, data privacy, AI, IT, cybersecurity, e-commerce and digital media law. He advises national and international companies on regulatory challenges in the digital sector and represents his clients in contract negotiations, proceedings with regulators and in court proceedings. He brings extensive experience in the creation of practicable solutions to challenges under regulations such as the GDPR, the EU Data Act and EU AI Act, whether it is the evaluation of new products, coordinating regulatory compliance implementation projects, the drafting of policies, notices, agreements and other legal texts, in-house trainings or contentious matters.  Due to several secondments, including with a leading global cloud computing provider, Henrik has special expertise in the tech industry and the field of cloud computing, and is familiar with the work and view of an in-house counsel. Prior to his career as attorney, Henrik studied law in Kiel with a...

Web page updated on 21/05/2026

Popular documents

Using the Judicial College Guidelines to assess general damages in personal injury claims

When evaluating a general damages claim, the practitioner ought initially to refer to the Judicial College Guidelines (JCG)...

Read More Right Arrow
Tomlin orders in England and Wales: CPR guidance on drafting, confidentiality, approval, variation, enforcement, limitation, CCA issues, court-specific requirements, sample wording and precedents

This Practice Note This Practice Note reviews mechanisms used in settling litigation. A Tomlin order consists of a consent order paired with a schedule. It operates to stay proceedings on terms that have been agreed. The provisions contained in the schedule may remain confidential. This Practice Note describes the scope of confidentiality attaching to the schedule and sets out how it differs from a standard consent order. Sample wording for a Tomlin order is included, alongside links to precedents, as well as guidance on court approval. It also addresses varying, setting aside and enforcing a Tomlin order, including the considerations the court will take into account when handling applications for each. Further guidance is provided on interpreting and applying the relevant provisions of the CPR; however, some courts and divisions impose very specific requirements for both drafting and approval, and for approaching the schedule and confidentiality issues. Accordingly, you must consider the particular rules and court guide provisions in the forum where your claim is proceeding when drawing up the Tomlin order...

Read More Right Arrow
Precedent: Deed of Surrender of Lease with Optional Premium, Settlement and Release, Landlord, Mortgagee and Guarantor Consents, Reimbursement and HM Land Registry Provisions (England and Wales)

Date [ date ] Parties [ name of Landlord ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Landlord) [ name of Tenant ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Tenant) [ [ name of Guarantor ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Guarantor) ] [ [ name of Mortgagee ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Mortgagee) ] Definitions Within this Deed, the terms below shall be interpreted as follows: [ Annual Rent • the annual sum reserved under the Lease; ] [ Insurance Rent • the Tenant’s share of the Landlord’s costs of insuring the Property (as set out in the Lease); ] Lease • the lease of the Property dated [ date ], entered into between (1) [ the Landlord OR [ name ...

Read More Right Arrow
Precedent Statutory Declaration: Standard Wording under the Statutory Declarations Act 1835

I, [ name ], of [ address ], solemnly and sincerely state that: [ Matters to be verified, set out in numbered paragraphs ] I make this solemn statement in good conscience, believing it to be true, and pursuant to the provisions of the Statutory Declarations Act 1835. DECLARED at [ details ] this [ day ] day of [ month and year ] Before me ................................................................................ [ signature of the person before whom the declaration is made ] A [ commissioner for oaths OR [ solicitor OR [ insert other qualification ] ] authorised to administer oaths ]...

Read More Right Arrow

Discover more from LexisNexis