Global
Austria
Bulgaria
Croatia
Czech Republic
Denmark
Estonia
Finland
France
Germany
Greece
Hungary
Ireland
Italy
Latvia
Lithuania
Luxembourg
Netherlands
Norway
Poland
Portugal
Romania
Serbia
Slovakia
Slovenia
Spain
Sweden
Turkiye
United Kingdom
Global
Argentina
Aruba
Bolivia
Brazil
Chile
Colombia
Costa Rica
Dominican Republic
Ecuador
El Salvador
Guatemala
Honduras
Mexico
Panama
Paraguay
Peru
Puerto Rico
United States of America
Uruguay
Global
Bahrain
Israel
Jordan
Kuwait
Lebanon
Oman
Pakistan
Palestine
Qatar
Saudi Arabia
South Africa
United Arab Emirates
Global
Australia
Bangladesh
India
Indonesia
Japan
Kazakhstan
Malaysia
New Zealand
Philippines
Singapore
South Korea
Sri Lanka
Taiwan (Chinese Taipei)
Thailand
Vietnam
The Cyber Resilience Act (CRA) is a regulation introduced by the European Union to strengthen cybersecurity across products with digital elements, such as smart devices, software, and network-connected hardware. Its goal is to ensure that these products are designed, developed, and maintained with strong cybersecurity protections throughout their lifecycle. Manufacturers are required to conduct risk assessments, provide security updates, and address vulnerabilities proactively. The CRA also mandates that companies report significant security incidents to EU authorities within tight timeframes.
The CRA applies to products with digital elements sold in the EU, whether made locally or imported, though certain categories like medical devices or aviation products are exempt. It will be rolled out gradually, with full compliance required by December 2027. Once the CRA applies, products with digital elements made available on the EU market, whether by EU or non-EU companies, will need to follow the CRA cyber security obligations. By enforcing such mandatory obligations, the EU aims to protect consumers, businesses, and infrastructure from cyber threats in an increasingly connected world.
We recognize the critical importance of cyber security in our offering, from products and systems to engineering projects and services. To foster a comprehensive and sustainable approach, we embed cyber security within our organization, policies and governance, training and awareness programs, and throughout the lifecycle of our offering.
For ABB products, cyber security is embedded in their entire development lifecycle, from requirement gathering to design, implementation, testing, and post-release activities such as vulnerability handling: dedicated internal mandatory security standards aligned with IEC 62443 regulate the development lifecycle.
We are taking proactive steps to thoroughly analyze the impact of CRA on our operations and work towards compliance. We are making an active effort to prepare our products to meet the obligation of the CRA.
In parallel, we are actively participating in the activities of the European standardization organizations CEN and CENELEC to develop verticals, broad verticals, and horizontal standards to support the CRA.