Skip to main content
News & Insights

The Update for
Digital Health.

Technical depth, regulatory updates, and insights into the future of health identities.

One post tagged with "cyber-resilience-act"

View all tags
The EU Cyber Resilience Act (CRA) for Digital Health: Obligations, Deadlines, and What Applies to DiGAs and Health Software

The Cyber Resilience Act (CRA) is no longer a future concern – it's applicable EU law. The first hard obligations kick in on September 11, 2026, and the regulation applies in full from December 11, 2027. For digital health providers, this raises a question many still underestimate: where exactly does the CRA apply to me – and what about my software supply chain?

This article explains what the CRA requires, which deadlines apply, how it relates to medical device regulation (MDR), and what this means in practice for DiGAs, health apps, and their suppliers.