One post tagged with "cyber-resilience-act"
View all tags
The Cyber Resilience Act (CRA) is no longer a future concern – it's applicable EU law. The first hard obligations kick in on September 11, 2026, and the regulation applies in full from December 11, 2027. For digital health providers, this raises a question many still underestimate: where exactly does the CRA apply to me – and what about my software supply chain?
This article explains what the CRA requires, which deadlines apply, how it relates to medical device regulation (MDR), and what this means in practice for DiGAs, health apps, and their suppliers.