In October 2024, the EU Council approved the Cyber Resilience Act (CRA). The CRA sets security requirements for all products with digital elements. From 2027, manufacturers may only sell products in the European Union if they meet these requirements.
The CRA also covers all digital products used by grid operators, both hardware and software. So, although manufacturers are responsible for implementing the CRA requirements, it will also affect grid operators. The question hence arises if they should do something to prepare for the CRA.
This document explains how grid operators could be impacted by the CRA and what to do to prepare for it.