Europe’s Cybersecurity Clock Is Ticking. Here’s What Companies Need to Know
Publish Date: 2026-03-16 14:15:00
Source Domain: www.pymnts.com
A sweeping European Union law is about to reshape how tech companies, from Silicon Valley giants to small software startups, build and sell their products. And the clock is already running.
The EU’s Cyber Resilience Act, known as the CRA, is one of the most ambitious digital security laws ever passed. It requires that virtually any product containing software or connected technology be built with security in mind from the start, and that it stay secure for its entire lifespan. That includes everything from smart home devices to enterprise software. Now, with key deadlines approaching, companies are scrambling to figure out what they need to do and when.
On March 3, the European Commission published draft guidance intended to help businesses navigate the law’s more complicated requirements. The guidance is open for public comment until March 31, according to an analysis by the international law firm Steptoe.
The guidance couldn’t come at a better time. According to Steptoe, the first major compliance deadline hits in less than six months. Starting September 11, 2026, manufacturers must begin reporting certain cybersecurity incidents to EU authorities — specifically, any actively exploited vulnerability in their products, or any serious security incident that affects users. Those reports must go to national computer security teams and to ENISA, the EU’s cybersecurity agency. Affected users must also be notified.
After that, companies face a broader and more demanding deadline. By December 11, 2027, virtually all other CRA requirements kick in. That means manufacturers will need to meet baseline cybersecurity standards, conduct formal risk assessments, maintain detailed technical documentation, and handle vulnerabilities throughout a product’s entire…