Free regulatory intelligence — powered by Certivo
Guidance UpdateLiveGuidance UpdateNewsLive Regulation

Commission Notice (OJ C/2026/1695) 2026 annual EU standardisation work programme references CRA Annex III/IV vertical standards (M/606)

EU Cyber Resilience Act (CRA) - Critical Products Annex IVEuropean CommissionEU
Announced

Mar 19, 2026

Description

The European Commission published a Commission Notice in the Official Journal (C/2026/1695) setting the 2026 annual Union work programme for European standardisation. The programme includes an action on cybersecurity requirements for products with digital elements linked to the Cyber Resilience Act (Regulation (EU) 2024/2847) and states that an upcoming standardisation request will complement earlier request M/606. The Notice explicitly notes that M/606 mandates both horizontal cybersecurity properties and vertical standards for CRA Annex III/IV product categories (including Annex IV critical products). While this does not amend Annex IV categories, it is an official implementation/standardisation signal affecting how Annex IV critical products are likely to demonstrate conformity via harmonised standards (presumption of conformity) once developed/adopted.

Sources

Get compliance alerts for EU Cyber Resilience Act (CRA) - Critical Products Annex IV

Certivo tracks regulatory changes and automates compliance workflows for your products.

Start Free Trial
Commission Notice (OJ C/2026/1695) 2026 annual EU standardisation work programme references CRA Annex III/IV vertical standards (M/606) | Certivo Regulations