Eu cyber resilience act at abb

EU Cyber Resilience Act at ABB

What is the Cyber Resilience Act?

The Cyber Resilience Act (CRA) is a regulation introduced by the European Union to strengthen cybersecurity across products with digital elements, such as smart devices, software, and network-connected hardware. Its goal is to ensure that these products are designed, developed, and maintained with strong cybersecurity protections throughout their lifecycle. Manufacturers are required to conduct risk assessments, provide security updates, and address vulnerabilities proactively. The CRA also mandates that companies report significant security incidents to EU authorities within tight timeframes.

The CRA applies to products with digital elements sold in the EU, whether made locally or imported, though certain categories like medical devices or aviation products are exempt. It will be rolled out gradually, with full compliance required by December 2027. Once the CRA applies, products with digital elements made available on the EU market, whether by EU or non-EU companies, will need to follow the CRA cyber security obligations. By enforcing such mandatory obligations, the EU aims to protect consumers, businesses, and infrastructure from cyber threats in an increasingly connected world.

How is ABB meeting these requirements ?

We recognize the critical importance of cyber security in our offering, from products and systems to engineering projects and services. To foster a comprehensive and sustainable approach, we embed cyber security within our organization, policies and governance, training and awareness programs, and throughout the lifecycle of our offering.

For ABB products, cyber security is embedded in their entire development lifecycle, from requirement gathering to design, implementation, testing, and post-release activities such as vulnerability handling: dedicated internal mandatory security standards aligned with IEC 62443 regulate the development lifecycle.

We are taking proactive steps to thoroughly analyze the impact of CRA on our operations and work towards compliance. We are making an active effort to prepare our products to meet the obligation of the CRA.

In parallel, we are actively participating in the activities of the European standardization organizations CEN and CENELEC to develop verticals, broad verticals, and horizontal standards to support the CRA.