{"id":817,"date":"2024-10-24T17:45:13","date_gmt":"2024-10-24T21:45:13","guid":{"rendered":"https:\/\/ami2025dev.wpenginepowered.com\/the-european-union-cyber-resilience-act-has-arrived\/"},"modified":"2025-12-10T16:18:20","modified_gmt":"2025-12-10T16:18:20","slug":"the-european-union-cyber-resilience-act-has-arrived","status":"publish","type":"project","link":"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/","title":{"rendered":"The European Union Cyber Resilience Act Has Arrived"},"content":{"rendered":"<p>On October 10, 2024, the highly anticipated <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/cyber-resilience-act\" target=\"_blank\" rel=\"noopener\">Cyber Resilience Act (CRA)<\/a> was adopted by the European Commission (EU) Council. The new law provides for a 36-month period after signing and publication before the requirements in the act will be enforced. However, the CRA goes into force only 20 days after its publication. Signing and publication are projected to take place in the coming weeks.<\/p>\n<h3><strong>Enterprises Must Start Designing for the CRA Now<\/strong><\/h3>\n<p>What does this mean for companies that produce and ship critical products with digital elements (PDEs)? Starting in late 2027, the EU will begin enforcing CRA requirements on products that started shipping 20 days after publication, in 2024. Developers and manufacturers should plan accordingly to ensure compliance and avoid any potential fines or disruptions in shipping, come late 2027.<\/p>\n<h3><strong>Changes in Technology and Practice are Required\u00a0<\/strong><\/h3>\n<p>Included in <a href=\"https:\/\/www.european-cyber-resilience-act.com\/\" target=\"_blank\" rel=\"noopener\">CRA requirements<\/a> are key elements that should be addressed as initial units are shipped before the 2027 enforcement date. Through the CRA\u2019s definition of \u201csoftware\u201d, any \u201cpart of an electronic system that consists of computer code\u201d will need to have an associated software bill of materials (SBOM) and be resilient from cyber-attacks. This includes all firmware, as it is the foundational computer code for all electronic systems.<\/p>\n<h3><strong>Firmware Must be Resilient<\/strong><\/h3>\n<p>To ensure compliance in late 2027, developers of PDEs must design capabilities to detect corrupted firmware at power-on, prevent firmware corruption during runtime, and recover corrupted firmware to a trusted firmware image. Additionally, all versions of firmware running on PDEs must have an associated SBOM where vulnerabilities can be traced and managed.<\/p>\n<h3><strong>How AMI Can Help?<\/strong><\/h3>\n<p>Aligning with these requirements, AMI offers products and services that help our customers comply with the EU CRA, along with other international standards and regulations. This includes firmware with all associated SBOMs, vulnerability management through our Product Security Incident Response Team (PSIRT) and AMI\u2019s Tektagon Platform Root of Trust (PRoT) solution for platform firmware resilience.<\/p>\n<p>Customers should <a href=\"https:\/\/www.ami.com\/contact-us\/\" target=\"_blank\" rel=\"noopener\">contact their associated AMI sales representative<\/a> to learn more about how AMI can help them comply with the CRA and other cyber security regulations.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On October 10, 2024, the highly anticipated Cyber Resilience Act (CRA) was adopted by the European Commission (EU) Council. The new law provides for a 36-month period after signing and publication before the requirements in the act will be enforced. However, the CRA goes into force only 20 days after its publication. Signing and publication [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":818,"comment_status":"open","ping_status":"open","template":"","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","content-type":"","footnotes":""},"project_category":[1499],"project_tag":[],"class_list":["post-817","project","type-project","status-publish","has-post-thumbnail","hentry","project_category-blog","topics-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.1 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>The European Union Cyber Resilience Act Has Arrived - AMI<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The European Union Cyber Resilience Act Has Arrived\" \/>\n<meta property=\"og:description\" content=\"On October 10, 2024, the highly anticipated Cyber Resilience Act (CRA) was adopted by the European Commission (EU) Council. The new law provides for a 36-month period after signing and publication before the requirements in the act will be enforced. However, the CRA goes into force only 20 days after its publication. Signing and publication [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/\" \/>\n<meta property=\"og:site_name\" content=\"AMI\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TheWorldRunsonAMI#\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-10T16:18:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/02\/960x0.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"640\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@AMI_PR\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/\",\"url\":\"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/\",\"name\":\"The European Union Cyber Resilience Act Has Arrived - AMI\",\"isPartOf\":{\"@id\":\"https:\/\/www.ami.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/02\/960x0.jpeg\",\"datePublished\":\"2024-10-24T21:45:13+00:00\",\"dateModified\":\"2025-12-10T16:18:20+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/#primaryimage\",\"url\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/02\/960x0.jpeg\",\"contentUrl\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/02\/960x0.jpeg\",\"width\":960,\"height\":640},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ami.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Resources\",\"item\":\"https:\/\/www.ami.com\/project\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"The European Union Cyber Resilience Act Has Arrived\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ami.com\/#website\",\"url\":\"https:\/\/www.ami.com\/\",\"name\":\"AMI\",\"description\":\"Trusted Leader in UEFI, BMC &amp; Open-Source Firmware\",\"publisher\":{\"@id\":\"https:\/\/www.ami.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ami.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.ami.com\/#organization\",\"name\":\"AMI\",\"url\":\"https:\/\/www.ami.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ami.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2025\/09\/cropped-AMI-Favicon.png\",\"contentUrl\":\"https:\/\/www.ami.com\/wp-content\/uploads\/2025\/09\/cropped-AMI-Favicon.png\",\"width\":512,\"height\":512,\"caption\":\"AMI\"},\"image\":{\"@id\":\"https:\/\/www.ami.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/TheWorldRunsonAMI#\",\"https:\/\/x.com\/AMI_PR\",\"https:\/\/www.linkedin.com\/company\/ami\",\"https:\/\/www.youtube.com\/c\/AMI_PR\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The European Union Cyber Resilience Act Has Arrived - AMI","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/","og_locale":"en_US","og_type":"article","og_title":"The European Union Cyber Resilience Act Has Arrived","og_description":"On October 10, 2024, the highly anticipated Cyber Resilience Act (CRA) was adopted by the European Commission (EU) Council. The new law provides for a 36-month period after signing and publication before the requirements in the act will be enforced. However, the CRA goes into force only 20 days after its publication. Signing and publication [&hellip;]","og_url":"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/","og_site_name":"AMI","article_publisher":"https:\/\/www.facebook.com\/TheWorldRunsonAMI#","article_modified_time":"2025-12-10T16:18:20+00:00","og_image":[{"width":960,"height":640,"url":"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/02\/960x0.jpeg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@AMI_PR","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/","url":"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/","name":"The European Union Cyber Resilience Act Has Arrived - AMI","isPartOf":{"@id":"https:\/\/www.ami.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/#primaryimage"},"image":{"@id":"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/02\/960x0.jpeg","datePublished":"2024-10-24T21:45:13+00:00","dateModified":"2025-12-10T16:18:20+00:00","breadcrumb":{"@id":"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/#primaryimage","url":"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/02\/960x0.jpeg","contentUrl":"https:\/\/www.ami.com\/wp-content\/uploads\/2023\/02\/960x0.jpeg","width":960,"height":640},{"@type":"BreadcrumbList","@id":"https:\/\/www.ami.com\/resource\/the-european-union-cyber-resilience-act-has-arrived\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ami.com\/"},{"@type":"ListItem","position":2,"name":"Resources","item":"https:\/\/www.ami.com\/project\/"},{"@type":"ListItem","position":3,"name":"The European Union Cyber Resilience Act Has Arrived"}]},{"@type":"WebSite","@id":"https:\/\/www.ami.com\/#website","url":"https:\/\/www.ami.com\/","name":"AMI","description":"Trusted Leader in UEFI, BMC &amp; Open-Source Firmware","publisher":{"@id":"https:\/\/www.ami.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ami.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.ami.com\/#organization","name":"AMI","url":"https:\/\/www.ami.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ami.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.ami.com\/wp-content\/uploads\/2025\/09\/cropped-AMI-Favicon.png","contentUrl":"https:\/\/www.ami.com\/wp-content\/uploads\/2025\/09\/cropped-AMI-Favicon.png","width":512,"height":512,"caption":"AMI"},"image":{"@id":"https:\/\/www.ami.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/TheWorldRunsonAMI#","https:\/\/x.com\/AMI_PR","https:\/\/www.linkedin.com\/company\/ami","https:\/\/www.youtube.com\/c\/AMI_PR"]}]}},"_links":{"self":[{"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project\/817","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project"}],"about":[{"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/types\/project"}],"author":[{"embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/comments?post=817"}],"version-history":[{"count":0,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project\/817\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/media\/818"}],"wp:attachment":[{"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/media?parent=817"}],"wp:term":[{"taxonomy":"project_category","embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project_category?post=817"},{"taxonomy":"project_tag","embeddable":true,"href":"https:\/\/www.ami.com\/wp-json\/wp\/v2\/project_tag?post=817"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}