Why CRA and NIS2 are important for cybersecurity!
As our world becomes increasingly digital, so does the risk of cyberattacks.
That’s why we need clear, common rules to protect both businesses and individuals. Two of the most important pieces of legislation right now are the Cyber Resilience Act (CRA) and the Network and Information Security Directive (NIS2).
But what do they actually mean, and how do they affect your business?
Cyber Resilience Act (CRA) - Built-in security from the start
The CRA is the EU’s initiative to ensure that digital products, both software and hardware, have the right security built in from the outset. Manufacturers and suppliers must meet higher security requirements throughout the product lifecycle.
Why is this important?
• Prevents unsafe products from reaching the market and reduces the risk of cyberattacks
• Gives users more confidence that their digital systems are secure
• Creates a common security standard across the EU, making compliance easier for businesses
Christian Lund, CIO at Seriline, said:
"With cyber threats evolving faster than ever, security needs to be built in from the start - it's no longer an option but a basic requirement. The Cyber Resilience Act is an important step to increase the security of digital products and create a more resilient and secure digital market across the EU."
NIS2 Directive - Strengthening the protection of essential services
NIS2 updates previous rules and aims to increase cybersecurity in critical sectors such as energy, transport, healthcare and finance. It sets higher standards for security measures, incident reporting and risk management.
What does NIS2 mean for your business?
• Stricter security requirements and mandatory risk assessments
• Incident notification within 24 hours of detecting a significant incident
• Significant sanctions for security breaches
• More industries and businesses covered by the rules
“NIS2 and CRA aren't just about protecting your own business - they place demands on your entire supply chain. Companies will need to take this very seriously, not least because cybersecurity failures can lead to severe sanctions. In particularly serious cases, those responsible may even be banned from holding senior positions. This makes cybersecurity a crucial business issue,” says Christian.
How can businesses prepare?
To meet the requirements of CRA and NIS2, you need to:
• Identify vulnerabilities - conduct a cybersecurity analysis to find weaknesses
• Build security from the start - ensure IT products are developed with security in mind
• Train staff - everyone must understand the importance of cybersecurity
• Have an incident response plan - a rapid response to breaches can limit damage
Conclusion
CRA and NIS2 raise the level of security in the EU’s digital landscape. Tighter requirements for both products and operations help reduce risks and increase resilience to cyber threats.
“Companies that adapt in time reduce their risks while strengthening the trust of customers and partners. That's why we at Seriline are working proactively with both NIS2 and CRA.”
Christian Lund, CIO at Seriline Group