What obligations apply throughout the product lifecycle?
Under the EU Cyber Resilience Act, cybersecurity is a long-term responsibility for machine manufacturers, not a one-time task.
Manufacturers must provide security updates and vulnerability handling for the expected lifetime of the machine, or at least five years. After the machine is placed on the EU market, manufacturers must monitor vulnerabilities, fix security issues without delay, and deliver updates securely.
Technical documentation, including risk assessments, SBOMs, and vulnerability handling procedures, must be kept up to date and retained for years after sale. Authorities may request this documentation at any time.
In short, machine manufacturers must design, maintain, update, and document cybersecurity throughout the entire machine lifecycle.

