The European Telecommunications Standards Institute (ETSI) has released a comprehensive set of Draft Standards supporting the implementation of the EU Cyber Resilience Act (CRA). These new documents aim to establish harmonized cybersecurity requirements for a wide range of digital products and software components, helping manufacturers and developers meet upcoming regulatory obligations.

The Draft Standards are now publicly available for review and open for comments, allowing stakeholders across industry, government, and cybersecurity communities to contribute to their finalization.

Overview of Newly Released ETSI Draft Standards

ETSI’s draft publications cover critical categories of digital products and software widely used across consumer, enterprise, and industrial environments. The released Draft Standards include:

Cybersecurity Requirements for Common Software and Security Tools

• EN 304 617 – Browsers
• EN 304 618 – Password managers
• EN 304 619 – Anti-malware tools (search, removal, quarantine)
• EN 304 620 – Virtual Private Networks (VPNs)

Network Infrastructure & Security Ecosystem Components

• EN 304 621 – Network Management Systems (NMS)
• EN 304 622 – Security Information and Event Management (SIEM)
• EN 304 625 – Physical and virtual network interfaces
• EN 304 627 – Routers, modems for internet access, and network switches

System & Platform Requirements

• EN 304 623 – Boot managers
• EN 304 624 – Public Key Infrastructure (PKI) and digital certificate issuance software
• EN 304 626 – Operating Systems (OS)
• EN 304 635 – Virtualisation Execution Stack (VES) and Container Execution Stack (CES), including hypervisors and container runtimes
• EN 304 636 – Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS)

Why These Draft Standards Matter

These documents form a central part of Europe’s efforts to ensure secure‑by‑design digital products. Once finalized, they are expected to serve as presumption‑of‑conformity standards, helping manufacturers demonstrate compliance with the Cyber Resilience Act more efficiently.

Public Consultation Now Open

ETSI encourages industry professionals, cybersecurity specialists, and regulatory stakeholders to review the Draft Standards and submit comments.
The full set of documents can be accessed here, and feedback may be provided through ETSI’s official consultation channels.