Skip to content
EU

ETSI Publishes Draft Cybersecurity Standards for the Cyber Resilience Act

The European Telecommunications Standards Institute (ETSI) has released a comprehensive set of Draft Standards supporting the implementation of the EU Cyber Resilience Act (CRA). These new documents aim to establish harmonized cybersecurity requirements for a wide range of digital products and software components, helping manufacturers and developers meet upcoming regulatory obligations.

The Draft Standards are now publicly available for review and open for comments, allowing stakeholders across industry, government, and cybersecurity communities to contribute to their finalization.

Overview of Newly Released ETSI Draft Standards

ETSI’s draft publications cover critical categories of digital products and software widely used across consumer, enterprise, and industrial environments. The released Draft Standards include:

Cybersecurity Requirements for Common Software and Security Tools

  • EN 304 617 – Browsers
  • EN 304 618 – Password managers
  • EN 304 619 – Anti-malware tools (search, removal, quarantine)
  • EN 304 620 – Virtual Private Networks (VPNs)

Network Infrastructure & Security Ecosystem Components

  • EN 304 621 – Network Management Systems (NMS)
  • EN 304 622 – Security Information and Event Management (SIEM)
  • EN 304 625 – Physical and virtual network interfaces
  • EN 304 627 – Routers, modems for internet access, and network switches

System & Platform Requirements

  • EN 304 623 – Boot managers
  • EN 304 624 – Public Key Infrastructure (PKI) and digital certificate issuance software
  • EN 304 626 – Operating Systems (OS)
  • EN 304 635 – Virtualisation Execution Stack (VES) and Container Execution Stack (CES), including hypervisors and container runtimes
  • EN 304 636 – Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS)

Why These Draft Standards Matter

These documents form a central part of Europe’s efforts to ensure secure‑by‑design digital products. Once finalized, they are expected to serve as presumption‑of‑conformity standards, helping manufacturers demonstrate compliance with the Cyber Resilience Act more efficiently.

Public Consultation Now Open

ETSI encourages industry professionals, cybersecurity specialists, and regulatory stakeholders to review the Draft Standards and submit comments.
The full set of documents can be accessed here, and feedback may be provided through ETSI’s official consultation channels.

For any questions, clarifications, or further information regarding this consultation, please contact: Sofilyx Compliance

Section Title

Canada ISED Updates Technical Requirements for 21.2–23.6 GHz Fixed Radio Systems

Canada updates SRSP-321.2 with expanded spectrum, new bandwidths, and improved technical...

Belize Updates National Spectrum Allocation Plan for 2026

Belize updates its spectrum plan to boost connectivity, innovation, and efficient frequency use...

Brazil ANATEL Updates Technical Rules for Mobile Signal Boosters

ANATEL updates technical rules for indoor signal boosters to improve connectivity and prevent...

Togo Adopts New National Frequency Plan

Togo improves spectrum management with a new national plan supporting connectivity and innovation...

Vietnam Updates Product Certification Rules (Circular No. 14/2026/TT-BKHCN)

Vietnam’s Circular No. 14/2026/TT-BKHCN introduces a modern, risk-based approach to product...

FCC Offers Faster Certification for Products Tested in Trusted Labs

The FCC introduces new rules to accelerate certification for products tested in trusted labs while...

European Commission to Repeal Cybersecurity Regulation (EU) 2022/30 by 2027

The European Commission has confirmed the repeal of Delegated Regulation (EU) 2022/30 through...

Indonesia Regulation No. 8 of 2026: Radio Spectrum Allocation Update

Indonesia has introduced Regulation No. 8 of 2026, updating the national spectrum allocation...

Type Approval Is Now Required for Electronic Communications Equipment in Eswatini

From April 2026, Eswatini will require valid type approval certification for all electronic...