European Commission - CRA standardisation
Estandares armonizados y solicitud M/606 para los requisitos esenciales del CRA.
- Regulación: CRA
- Emisor: European Commission
- Fuente oficial: https://digital-strategy.ec.europa.eu/en/policies/cra-standardisation
An official website of the European UnionAn official EU website
How do you know?
All official European Union website addresses are in the europa.eu domain.
See all EU institutions and bodies
This site uses cookies. Visit our cookies policy page or click the link in any footer for more information and to change your preferences.
Accept all cookies Accept only essential cookies
Cyber Resilience Act - Standardisation
Technical standards play an important role in facilitating the CRA implementation.
The work on standard development activities is led by the European Standardisation Organisations in close cooperation with industry representatives.
What are the main rules?
In order to facilitate assessment of conformity with the requirements laid down in the CRA, products with digital elements which are in conformity with harmonised standards benefit from a presumption of conformity with the CRA essential requirements. Harmonised standards translate the essential cybersecurity requirements set out in the CRA into detailed technical specifications and are adopted in accordance with the Standardisation Regulation ( Regulation (EU) No 1025/2012). The standardisation process should ensure a balanced representation of interests and effective participation of civil society stakeholders, including consumer and open-source organisations.
Standardisation request on CRA
The European Commission has adopted a standardisation request M/606, containing a set of 41 standards in support of the CRA. The request includes both horizontal and vertical (or product-specific) standards, aiming to support manufacturers in implementing the essential cybersecurity requirements.
Horizontal standards provide a common a framework, promoting coherence and offer horizontal processes for compliance with the CRA, including on vulnerability handling. Vertical(also called product-specific) standards intend to provide presumption of conformity for product types considering the risks involved in their intended purpose or reasonably foreseeable use. The first CRA standardisation request prioritises the development of standards covering the important and critical product categories set out in CRA Annex III and IV.
In addition, the European Standardisation Organisations are also developing a set of support deliverables covering aspects such as terminology, sectoral risk assessment methodology, and a common threat catalogue. Additional standards may be developed to further support manufacturers application of the CRA.
How to get engaged in CRA standardisation ?
- CRA European standards | STAN4CR: website where the ESOs make information available on the CRA standards development activities.
- CYBERSTAND.eu aims to empower European stakeholders to engage in the development of standards and conformity in relation to the CRA.
Reference documents and links
- CRA standardisation request: Register of Commission Documents - C(2025)618
Related Content
Big Picture
Introducing the Cyber Resilience Act: the EU's new plan to make sure all digital products are safe from cyber threats. This important rulebook requires that devices and software are designed, updated, and maintained to protect users in our increasingly digital world. Experience a safer, more connected future where your security comes first.
Last update
12 January 2026