OpenSSF's CRob: 'The Runway Is Rapidly Running Out' on EU CRA Readiness
The European Union's Cyber Resilience Act (CRA) is set to be enforced in September 2026, but many companies remain unprepared for its requirements. Christopher Robinson from OpenSSF highlighted that awareness of the CRA is alarmingly low, with 66% of Europeans and 72% of North Americans unaware of their obligations. As the deadline approaches, Robinson emphasizes the need for senior executives to engage in compliance efforts to avoid significant penalties.
- ▪The CRA mandates cybersecurity rules for products with digital elements sold in the EU market.
- ▪62% of people in Europe were unaware of CRA requirements last year, increasing to 66% this year.
- ▪72% of respondents in the U.S. and Canada are unfamiliar with the CRA, despite legal obligations for compliance.
Opening excerpt (first ~120 words) tap to expand
OpenSSF’s CRob: ‘The Runway Is Rapidly Running Out’ on EU CRA Readiness By: Steven J. Vaughan-Nichols on May 20, 2026 The EU’s Cyber Resilience Act kicks into high gear this September, and companies are still clueless about how they must obey its strictures.MINNEAPOLIS — At Open Source Summit North America, Christopher “CRob” Robinson, Chief Security Architect for the Open Source Software Foundation (OpenSSF), spoke about the European Union’s (EU) Cyber Resilience Act (CRA). CRob warned that companies are still “running straight at that wall” as the first CRA enforcement date draws ever closer.The CRA, for those who don’t know it, sets mandatory cybersecurity rules for nearly all “products with digital elements,” which means hardware and software, sold on the EU market, with most…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DevOps.com.
Discussion
0 commentsMore from DevOps.com
