European Commission opens feedback period on draft CRA guidance (scope/obligations) relevant to Annex IV product classification and compliance

The European Commission published a draft guidance package to assist companies in applying the Cyber Resilience Act (CRA) and opened a feedback period. Although this is not an amendment to Annex IV, the draft guidance is directly relevant to Annex IV ‘critical products’ compliance because it addresses CRA scope and obligations (including topics such as remote data processing solutions, free and open-source software, support periods, and interaction with other EU legislation), which can affect classification and compliance planning for products that may fall under Annex IV and therefore require stricter conformity assessment routes.