Webinar “Cyber Resilience Act (EU CRA) and IEC62443” – Recording available

09/24/2024

Presentation and recording is available now!

Presentation and recording is available now!

 

Please also consider the previous webinar about the CRA from legal aspects:

During this webinar “Cyber Resilience Act (CRA) – Solving some Fundamental Legal Aspects” Dr. Gerrit Hötzel spoke about 2 topics and was available for a long Q&A session:

Commercial Use of Open-Source Software under the Cyber Resilience Act

Any company using open-source software in the course of commercial activities will have to demonstrate conformity of the open-source software with the CRA. This is not a simple task, given that open-source software is third-party software. Also, this represents a significant shift from the current straightforward use of open-source software and will fundamentally alter how open-source software can be employed while minimizing legal risks. More on this and further aspects regarding open-source software under the CRA are given in the talk, e.g. security attestations of open-source software and so-called open-source software stewards.

10 Examples Cases for CRA Contract Design and Supply Chain Management

One key element of the Cyber Resilience Act (CRA) is its emphasis on the supply chain. Many obligations imposed on commercial enterprises can only be fulfilled if suppliers are contractually required to participate in the conformity assessment, particularly concerning software included in their products. However, the contractual arrangements with suppliers are not the only critical factor; the agreements with customers are equally important. In addition to requirements for providing security updates and information to customers, the CRA introduces a major change: a support period of up to five years. Does this mean that all warranty and liability clauses in terms and conditions and sales contracts need to be revised to accommodate this new requirement?