Skip to content
EU

ETSI Publishes Draft Cybersecurity Standards for the Cyber Resilience Act

The European Telecommunications Standards Institute (ETSI) has released a comprehensive set of Draft Standards supporting the implementation of the EU Cyber Resilience Act (CRA). These new documents aim to establish harmonized cybersecurity requirements for a wide range of digital products and software components, helping manufacturers and developers meet upcoming regulatory obligations.

The Draft Standards are now publicly available for review and open for comments, allowing stakeholders across industry, government, and cybersecurity communities to contribute to their finalization.

Overview of Newly Released ETSI Draft Standards

ETSI’s draft publications cover critical categories of digital products and software widely used across consumer, enterprise, and industrial environments. The released Draft Standards include:

Cybersecurity Requirements for Common Software and Security Tools

  • EN 304 617 – Browsers
  • EN 304 618 – Password managers
  • EN 304 619 – Anti-malware tools (search, removal, quarantine)
  • EN 304 620 – Virtual Private Networks (VPNs)

Network Infrastructure & Security Ecosystem Components

  • EN 304 621 – Network Management Systems (NMS)
  • EN 304 622 – Security Information and Event Management (SIEM)
  • EN 304 625 – Physical and virtual network interfaces
  • EN 304 627 – Routers, modems for internet access, and network switches

System & Platform Requirements

  • EN 304 623 – Boot managers
  • EN 304 624 – Public Key Infrastructure (PKI) and digital certificate issuance software
  • EN 304 626 – Operating Systems (OS)
  • EN 304 635 – Virtualisation Execution Stack (VES) and Container Execution Stack (CES), including hypervisors and container runtimes
  • EN 304 636 – Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS)

Why These Draft Standards Matter

These documents form a central part of Europe’s efforts to ensure secure‑by‑design digital products. Once finalized, they are expected to serve as presumption‑of‑conformity standards, helping manufacturers demonstrate compliance with the Cyber Resilience Act more efficiently.

Public Consultation Now Open

ETSI encourages industry professionals, cybersecurity specialists, and regulatory stakeholders to review the Draft Standards and submit comments.
The full set of documents can be accessed here, and feedback may be provided through ETSI’s official consultation channels.

For any questions, clarifications, or further information regarding this consultation, please contact: Sofilyx Compliance

Section Title

Algeria

Algeria Enforces New Rules for Approving Electronic Communications Equipment

By February 27, 2026 Algeria
Algeria has enforced a new decree regulating the approval of electronic communications equipment...
Read More
Qatar

CRA Updates Qatar National Frequency Allocation Plan

By February 27, 2026 Qatar
The Communications Regulatory Authority (CRA) has issued an updated Qatar National Frequency...
Read More
Colombia

Colombia Expands Flexibility in the 900 MHz Band to Boost Connectivity

By February 23, 2026 Colombia
Colombia’s National Spectrum Agency (ANE) has enabled flexible use of the 900 MHz band to expand...
Read More
EU

EU Repeals RED Cybersecurity Delegated Regulation Ahead of Cyber Resilience Act (CRA) Implementation in 2027

By February 23, 2026 European Union
The European Commission will repeal the RED Cybersecurity Delegated Regulation (EU) 2022/30 on 11...
Read More
Oman

Oman TRA Launches Self‑Declaration of Conformity Service to Accelerate Type Approval Procedures

By February 10, 2026 Oman
Oman’s Telecommunications Regulatory Authority has launched a Self‑Declaration of Conformity service...
Read More
Paraguay

Paraguay Authorizes 3.700–3.800 MHz Band for IMT to Boost 5G Deployment

By February 10, 2026 Paraguay
Paraguay’s telecom regulator, CONATEL, has officially designated the 3.700–3.800 MHz band for IMT...
Read More
Moldova

Moldova Renames Its Communications Authority: ANRCETI Becomes ARCOM

By February 6, 2026 Moldova
Beginning January 2026, Moldova’s communications regulator adopts a new name: ARCOM. The change...
Read More
Chile

Chile Updates Technical Standard for Short‑Range Devices

By February 6, 2026 Chile
SUBTEL has issued Resolution 2219, updating the technical standard for short‑range devices with...
Read More
USA FCC

FCC Approves New GVP Devices to Deliver Faster Wi‑Fi and Next‑Gen Connectivity

By January 30, 2026 USA
The FCC has adopted new rules allowing GVP devices to operate at higher power in the 6 GHz band...
Read More