Regulation of Products with Digital Elements
The European Union Cyber Resilience Act (CRA) aims to safeguard personal and business consumers from cybersecurity threats, focusing on software and hardware products with digital elements. The CRA went into effect on Dec. 10, 2024 and requires security measures throughout a product's entire lifecycle. It emphasizes secure development processes, the ability to address vulnerabilities through updates, and mechanisms to remove personal information when necessary. The main requirements of the CRA go into effect on Dec. 11, 2027.
We support CRA compliance in two key ways. Many of our devices are directly subject to CRA regulations, and many others are integrated into hardware products that fall under these regulations. Our longstanding dedication to security means that numerous products have already been designed, developed, and manufactured in alignment with CRA objectives. As the CRA standards are finalized, we will ensure our products achieve full compliance within the designated enforcement timeline.
Renesas is committed to helping you find the resources you need as you work toward CRA compliance. From documentation and design resources to our network of security solution providers, we offer tools to help you understand what the CRA means for your products. Refer to this page for updates on how we are working to support CRA requirements.
CRA Requirements
CRA requirements seek to enhance security for digital products in several ways, each with a specific purpose.
CRA Requirement | Purpose | |
---|---|---|
Image
![]() | Secure Firmware Updates | Address security vulnerabilities and maintain up-to-date protection against the latest threats. |
Image
![]() | Unauthorized Access Protection | Protect the operation and behavior of products and their associated data. |
Image
![]() | Secure Data Storage | Protect the confidentiality and integrity of stored data. |
Image
![]() | Secure Communication | Protect the confidentiality and integrity of transmitted data. |
Image
![]() | Secure Boot | Protect product operation and behavior. |
It is important to reference official sources to determine CRA requirements as they pertain to your specific products and applications.
- European Commission Cyber Resilience Act
- Official Journal of the European Union – the official text of the Cyber Resilience Act