2026 Annual Union Work Programme for European standardisation signals upcoming CRA harmonised standards request complementing M/606

In the Commission Notice publishing the 2026 annual Union work programme for European standardisation (OJ C; C/2026/1695), the Commission includes an item on cybersecurity requirements for products with digital elements supporting Regulation (EU) 2024/2847 (Cyber Resilience Act). The Notice signals an upcoming standardisation request to develop harmonised European standards in support of the CRA, complementing the earlier request M/606, and notes the intent to address gaps for products with digital elements outside CRA Annexes III–IV (e.g., in rail, machinery, lifts, agricultural machinery, AI systems and solar inverters). While not an Annex III amendment, this is relevant to Annex III compliance strategy because harmonised standards (when cited) underpin presumption of conformity for CRA essential requirements and influence how Annex III manufacturers demonstrate compliance and plan conformity assessment evidence.