The European Union is entering a new era of cybersecurity regulation. With the Cyber Resilience Act (CRA) now in force and its first major compliance obligations taking effect from September 2026, organisations developing, manufacturing, or selling digital products must prepare for a fundamentally different regulatory landscape.
To help businesses, innovators, policymakers and technology leaders navigate these changes, Digital For Planet and Martel Innovate have published a new white paper.
EU Cyber Resilience Act: Trends, Challenges, and Opportunities
Written by Dr Anna Aseeva (Policy & Sustainability Expert at Digital For Planet) and PhD Candidate Karolina Gyurovszka (Policy Analyst and Consultant at Martel Innovate), the white paper provides a practical and strategic analysis of one of the most significant pieces of EU digital legislation in recent years.
Why the Cyber Resilience Act matters
The CRA introduces mandatory cybersecurity requirements for virtually every product with digital elements placed on the European market. From connected devices and industrial systems to software applications and IoT products, manufacturers will need to demonstrate that cybersecurity is embedded throughout the entire product lifecycle.
Much like the GDPR transformed the way organisations approached privacy, the CRA is expected to reshape how companies design, develop and maintain digital products—making security by design a legal requirement rather than a competitive advantage.
Importantly, the regulation does not only affect organisations based in the European Union. Any company wishing to market digital products in the EU, including Swiss companies and other international manufacturers, must comply with the new requirements. Failure to do so may result in significant financial penalties, product recalls, or restricted access to the European market.
What you’ll learn
The white paper explores both the legal framework and its practical implications, including:
- Why many experts describe the CRA as the “new GDPR” for cybersecurity
- The key compliance deadlines organisations need to prepare for
- The obligations placed on manufacturers, importers and distributors
- How the regulation affects SMEs, startups and open-source software communities differently
- The challenges of managing cybersecurity across increasingly complex software supply chains
- Strategic recommendations for organisations seeking to turn compliance into a competitive advantage.
The publication also includes a practical case-by-case evaluation framework to help organisations understand when open-source software falls within the scope of the CRA and what compliance obligations may apply.
Three key takeaways
The white paper highlights three messages every organisation should keep in mind:
- Security is becoming the new safety standard for digital products.
- Compliance is your passport to the European market, regardless of where your company is headquartered.
- Cyber resilience is a shared responsibility, requiring collaboration across development teams, suppliers, management and the wider software ecosystem.
Whether you are a technology company, startup, software developer, manufacturer, policy professional or cybersecurity expert, this white paper offers valuable insights into one of Europe’s most consequential digital regulations.