EGMF co-signs Orgalim statement on the Cyber Resilience Act

EGMF joined forces with Orgalim and other sectoral associations to co-sign a statement on the upcoming Cyber Resilience Act (CRA).

As the regulation is in the process of being finalised, we urge the European institutions to take the necessary time to effectively address the remaining concerns of the industrial sector, avoiding rushing this crucial piece of legislation on cybersecurity.

We highlight 5 key points to be considered:

  1. Transitional Periods: We advocate for a 48-month transitional period, with an additional 24 months for Non-Road Mobile Machinery (NRMM), to ensure a smooth and thorough adoption process.
  2. Product Classification: We endorse the Council’s methodology proposal, emphasising cybersecurity risks as the basis for classifying critical products.
  3. Exclusions: The exclusion of spare parts and free and open-source software (FOSS) development from the CRA is crucial to safeguard innovation and the sustainability of long-term investments.
  4. Support Periods: A support period aligned with the expected product lifetime, as proposed by the European Parliament, is essential for adaptability and resilience.
  5. Cybersecurity Requirements: A refined focus on essential cybersecurity requirements is necessary to meet the specific needs of the industry without stifling growth.
    We are committed to a future where robust cybersecurity and industrial innovation go hand in hand. Let’s ensure the CRA supports this vision. 


Read the statement here