Sophia Antipolis, France, 12 June 2025

ETSI is pleased to announce that its work in response to a new standardization request from the European Commission (EC) under the Cyber Resilience Act is well underway. ETSI’s work programme is being developed to facilitate the implementation of harmonized European cybersecurity standards for digital products across the EU market and beyond.

As part of the EC continuing efforts to establish a EU-wide regulatory framework for cybersecurity in products with digital elements, the recently published Cyber Resilience Act (CRA) now introduces mandatory security requirements for hardware and software throughout their entire lifecycles. It applies to all connected products with digital elements and works alongside the NIS2 Directive, which strengthens cybersecurity measures for essential and important entities.

ETSI is playing a decisive role in implementing the CRA by developing uniform harmonized European standards for several different product families, including items that are exposed to greater risk of compromise such as password managers, anti-virus software, smart home assistants, connected toys and wearables. ETSI is leading technical work for multiple vertical standards under the CRA. These technical standards will support consistent implementation of CRA essential requirements and provide the whole supply chain with an instrument to demonstrate compliance, with impact both across the EU and beyond.

The CRA will have a broad and transformative impact across the landscape of products with digital elements. It applies to manufacturers, importers, distributors, service providers, and developers of all commercially available hardware and software products. For businesses of all sizes, it introduces streamlined, EU-wide standards that simplify compliance, and creates a more consistent regulatory environment across member states. 

Particularly for SMEs and Micro-SMEs, it lowers the legal costs associated with entry in diverse markets and facilitates global trade. It also levels the playing field in terms of market credibility, as this will now be perceived through the presumption of conformity provided by these Harmonised Standards instead of solely through branding power.

For consumers, those standards enhance trust by requiring stronger built-in security, and better protection of personal data and privacy. 

From an innovation standpoint, it promotes a secure-by-design approach, driving the development of safer, more resilient technologies and strengthening the global competitiveness of EU products with digital elements.

As digital transformation accelerates across every facet of commerce and society, ETSI’s ability to bring together diverse global expertise will greatly enhance the cybersecurity and privacy of the European citizens", said Jan Ellsberger, Director-General at ETSI.

For more information, please visit: https://www.stan4cra.eu

About ETSI

ETSI is one of only three bodies officially recognized by the European Union as a European Standards Organisation (ESO). It is an independent, not-for-profit body dedicated to ICT standardization. With over 900 member organizations from more than 60 countries across five continents, ETSI offers an open and inclusive environment for members representing large and small private companies, research institutions, academia, governments, and public organizations. ETSI supports the timely development, ratification, and testing of globally applicable standards for ICT-enabled systems, applications, and services across all sectors of industry and society.

Contact
Email: Press@etsi.org