European Commission publishes draft CRA guidance for feedback (scope and application topics affecting Annex III important products)

The European Commission published draft guidance for feedback to assist companies applying the Cyber Resilience Act (CRA). The draft guidance addresses scope and application issues (including remote data processing solutions, free and open-source software, support periods, and interplay with other EU legislation) that can directly affect whether a product is in-scope and how CRA obligations apply. These clarifications can materially impact Annex III ‘important products’ determinations and the resulting conformity assessment route (e.g., whether third-party assessment pathways apply). The Commission opened a feedback period (consultation deadline stated as 31 March on the Commission news page).