ediverse Explorer la plateforme

À la une PEPPOL BIS Billing 3.0 L’obligation européenne d’e-invoicing arrive : France sept 2026, Belgique janv 2026, Allemagne 2025.

CRA-CYBER-RESILIENCE-ACT

CRA Cyber Resilience Act compliance regulation modern detailed.

Définition

CRA (Cyber Resilience Act) est l'EU Regulation 2024/2847 publie 20 novembre 2024 (entry into force 11 decembre 2024, application 11 decembre 2027 except reporting obligations 11 septembre 2026) qui impose cybersecurity requirements toutes products with digital elements (PDEs) placed on EU market (~hardware + software produits IoT + apps + games + smart home + industrial + medical devices except deja regules NIS2 + DORA + Medical Devices Reg + aviation + cars), incluant secure-by-design + secure-by-default + vulnerability handling + 24/7/365 24-hour incident notification + 5 ans support coverage minimum. Detail technique + scope d'application + obligations conformite + sanctions non-conformite + processus reporting + impact entreprises in-scope + alignement avec regulations adjacentes nationales + internationales + governance + supervisory authorities + timeline implementation + transitions + jurisprudence + best practices documentation industry adoption.

Origine

EU Regulation 2024/2847 CRA published 20 novembre 2024 ; entry into force 11 decembre 2024 ; application 11 decembre 2027 ; reporting obligations 11 septembre 2026.

Exemple en contexte

Smart home device manufacturer Philips Hue sells smart lightbulbs in EU : CRA compliance 2027+ requires (1) Conformity assessment via internal control or notified body (depending product class default standard + critical CRA Annex III), (2) CE marking with cybersecurity assessment, (3) Vulnerability handling + monthly security updates + 5-year minimum support, (4) Actively exploited vulnerability report ENISA within 24 hours discovery + incident report 72 hours, (5) Software Bill of Materials SBOM publication + maintenance.

Termes liés

Dernière mise à jour: 16 mai 2026