Under the Cyber Resilience Act, manufacturers and developers of connected devices (both software and hardware) will be required to provide technical documentation to show how the product is in compliance with the requirements of the Act.

As part of the CRA legal text, the European Commission has prescribed the content that the Technical Document must contain, such as a general description of the product, the vulnerability management processes that are in place, the length of the support period (and how this was decided) and the cybersecurity controls in place. The full set of requirements is available in the ‘documents section’ below.

In order to ease the burden on SMEs, the European Commission is looking to create a simplified version of the technical document for smaller companies. To do so, they are gathering feedback on which requirements in the documentation might be most burdensome.

DIGITAL SME members are invited to a deep dive session with the European Commission, where the requirements of the Technical Documentation will be explained, and you can provide your feedback directly to the Commission.