Status: In force. Applies from 11 December 2027. However, Article 14 applies from 11 September 2026 and Chapter IV (Articles 35 to 51) applies from 11 June 2026.
EUR-Lex-link: Adopted and published version, including other language versions, can be found here.
Full name: Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act)
Type: Regulation
Objective and key elements:
- Setting horizontal baseline for security in the internal market
- Increasing the overall level of cybersecurity of all products with digital elements by introducing essential cybersecurity requirements for such products
- Security updates to be made available for at least 5 years
- Reporting obligations in case of security incidents
- Possibility to recall products not fulfilling the requirements
Relevant to: Manufacturers, importers, and distributors of products and software including digital elements (excluding services, such as SaaS and certain specifically regulated products (e.g. cars)).
Documents (old versions):
- Text adopted by the Parliament, link
- The Council’s proposed amendments on 13 July 2023, link
- Commission proposal published on 15 September 2022, link
(Last updated 27 October 2025)