The
Cyber Resilience Act and Horizontal Standards Workshop is a unique opportunity to gain insights into
the
key elements of the Cyber Resilience Act (CRA) and to
participate in discussions with other experts to influence the future of cybersecurity and
resilience in Europe through the horizontal standards that are developed to support the CRA.
The Cyber Resilience Act (CRA) aims to enhance
EU cybersecurity by ensuring that digital products and services remain secure throughout their
lifecycle. It promotes proactive risk management and accountability, enabling businesses and users to collaborate,
building a safer digital future. To support CRA implementation, the European Commission has issued a standardization
request to the European Standardization Organizations, focusing on both horizontal standards for a generic framework
and vertical standards for specific product risks. This workshop will highlight the
work on the horizontal standards required for CRA compliance.
The workshop will give an
overview of the Cyber Resilience Act, highlighting the key role of standardization and the way
forward. The workshop will provide a comprehensive understanding of how standards can effectively mitigate risks,
enhance cybersecurity posture, and ensure that products and services are aligned with the legal expectations set
forth by the CRA.
Topics Covered
This workshop focuses on the critical sets of standards that are currently under development:
Generic Essential Security Requirements (SR CRA, items 2-14)
Establishing fundamental security requirements for products with digital elements, including authentication and
access control mechanisms, cryptographic requirements and key management, secure communication protocols, data
protection and privacy safeguards, and incident logging and monitoring capabilities.
Why participate?
The workshop provides a unique platform for you to influence the development of the
horizontal CRA standards and to share your expertise, insights, and experiences. By participating, you will have the
opportunity to shape the future of cybersecurity practices and ensure that the standards developed are comprehensive,
practical, and effective.
Target group
Manufacturers and distributors of products with digital elements covered by the Cyber
Resilience Act, cybersecurity and standardization professionals, technology industry representatives, certification
and assessment bodies, academic institutions and researchers, cybersecurity consultants and auditors, and other
stakeholders eager to share their expertise to help shape the future CRA standards.
About STAN4CR
The development of harmonized European standards is essential for the successful
implementation of the Cyber Resilience Act (CRA). The STAN4CR project, funded by EISMEA (European Innovation Council
and SMEs Executive Agency), plays a pivotal role in the drafting process of harmonized standards to support CRA
compliance, with a clear focus on delivering the standards by October 2026.
Beyond its technical goals, the project aims to raise public awareness and actively
involve key stakeholders in the standardization process. Through these efforts, STAN4CR strives to enhance cyber
resilience across the EU Single Market while promoting broader societal engagement in standardization, including
participation from SMEs, Open-Source Communities, Academia, and other key actors within the digital ecosystem.
This workshop and the STAN4CR project are funded by the European Union through the
European Innovation Council and SMEs Executive Agency (EISMEA), under Grant Agreement No. 101196779.
More information: [https://www.stan4cra.eu/]
Find important resource information from the CRA on the following link: Resources | Stan4cr
The STAN4CRA project will organize three dissemination workshops on CRA standards
development. The first workshop was held in Copenhagen, organized by DS. Follow this link to find the
presentations and videos of the speakers:
https://www.ds.dk/en/our-services/workshop-cyber-resilience-act
Agenda
Time slot
|
Activities
|
9:30 – 10:00 | Registration and Welcome Coffee |
10:00 – 10:15 | Opening and Introduction - Javier García
General Director of UNE
|
10:15 – 10:30 | Spanish Landscape: National Cybersecurity Strategy
- Félix Antonio Barrio Juárez
General Director of Spanish National Cybersecurity Institute
(INCIBE)
|
10:30 – 10:50 | Overview of the Cyber Resilience Act (CRA) - Filipe Jones Mourão
Cybersecurity Officer of DG CNECT, European Commission
|
10:50 – 11:10 | Introduction to Standardization and Workshop Objectives - Lucía Lanfri
Project Manager of Electrotechnology - Standardization & Digital Solutions,
of CEN & CENELEC
|
11:10 – 11:30 | Coffee Break |
11:30 – 12:10 | Workshop presentation: Cybersecurity Requirements for Products with Digital Elements - Angelo D’Amato
CEN/CLC JTC13/WG9 Representative and Rapporteur of the Standard for
Generic Security Requirements
|
12:10 – 13:10 | Start of the Dynamic Workshop: Case Study - Angelo D’Amato
CEN/CLC JTC13/WG9 Representative and Rapporteur of the Standard for
Generic Security Requirements
|
13:10 – 14:00 | Lunch Break |
14:00 – 15:30 | Continuation of the Dynamic Workshop on the Case Study
- Angelo D’Amato
CEN/CLC JTC13/WG9 Representative and Rapporteur of the Standard for
Generic Security Requirements
|
15:30 – 15:50 | Coffee Break
|
15:50 – 16:40 | Closure of the Dynamic Workshop on the Case Study - Angelo D’Amato
CEN/CLC JTC13/WG9 Representative and Rapporteur of the Standard for
Generic Security Requirements
|
16:40 – 16:50 | Next Steps for CRA’s Standardization Development - Lucía Lanfri
Project Manager of Electrotechnology - Standardization & Digital Solutions,
of CEN & CENELEC
|
16:50 – 17:00
| Closing Words
|