Public CommentProposedPublic CommentGuidance UpdateProposed Regulation

European Commission publishes draft CRA guidance for feedback (scope/application topics relevant to Annex III important products)

EU Cyber Resilience Act (Regulation (EU) 2024/2847) — Annex III Important Products Additional RequirementsEuropean CommissionEU

Announced

Mar 3, 2026

Description

The European Commission published draft guidance for feedback to help companies apply the Cyber Resilience Act (CRA). The draft guidance addresses topics that can directly affect interpretation and compliance planning for Annex III ‘important products’ (e.g., treatment of remote data processing solutions, free and open-source software, ‘support periods’, and interplay with other EU legislation). A public feedback period is open until 31 March 2026, which is relevant for manufacturers and other economic operators preparing Annex III-related classification and conformity assessment strategies.

Sources

OfficialCommission publishes for feedback draft guidance to assist companies in applying the Cyber Resilience Act | Shaping Europe’s digital future
OfficialDraft Commission guidance on the Cyber Resilience Act (Have your say)

European Commission publishes draft CRA guidance for feedback (scope/application topics relevant to Annex III important products)

Description

Sources

Get compliance alerts for EU Cyber Resilience Act (Regulation (EU) 2024/2847) — Annex III Important Products Additional Requirements