Skip to content
EU

EU Cybersecurity Rules: Technical Categories for Important and Critical Digital Products

The European Commission has adopted Implementing Regulation (EU) 2025/2392, which defines the technical descriptions of categories of important and critical products with digital elements under the Cyber Resilience Act (Regulation (EU) 2024/2847). This regulation aims to strengthen cybersecurity across the EU by clarifying which products require stricter conformity assessments and, in some cases, mandatory third-party certification.

Key Points

  • Scope of Regulation
    The rules apply to products with digital elements whose core functionality falls under categories listed in Annexes III and IV of the Cyber Resilience Act. These include operating systems, VPNs, routers, smart home devices, and more.

  • Important Products
    Examples include:

    • Identity management systems and privileged access management tools
    • Standalone and embedded browsers
    • Password managers
    • Antivirus and antimalware software
    • VPN clients and servers
    • Network management systems
    • Smart home assistants and security devices
  • Critical Products
    These require the highest level of security assurance and may need European cybersecurity certification. Examples include:

    • Hardware security modules
    • Smart meter gateways
    • Smartcards and secure elements
  • Compliance Requirements
    Manufacturers must:

    • Conduct comprehensive cybersecurity risk assessments
    • Implement essential cybersecurity requirements proportionate to risk
    • Follow specific conformity assessment procedures for important or critical products

For any questions, clarifications, or further information regarding this consultation, please contact: Sofilyx Compliance

Section Title

Canada ISED Updates Technical Requirements for 21.2–23.6 GHz Fixed Radio Systems

Canada updates SRSP-321.2 with expanded spectrum, new bandwidths, and improved technical...

Belize Updates National Spectrum Allocation Plan for 2026

Belize updates its spectrum plan to boost connectivity, innovation, and efficient frequency use...

Brazil ANATEL Updates Technical Rules for Mobile Signal Boosters

ANATEL updates technical rules for indoor signal boosters to improve connectivity and prevent...

Togo Adopts New National Frequency Plan

Togo improves spectrum management with a new national plan supporting connectivity and innovation...

Vietnam Updates Product Certification Rules (Circular No. 14/2026/TT-BKHCN)

Vietnam’s Circular No. 14/2026/TT-BKHCN introduces a modern, risk-based approach to product...

FCC Offers Faster Certification for Products Tested in Trusted Labs

The FCC introduces new rules to accelerate certification for products tested in trusted labs while...

European Commission to Repeal Cybersecurity Regulation (EU) 2022/30 by 2027

The European Commission has confirmed the repeal of Delegated Regulation (EU) 2022/30 through...

Indonesia Regulation No. 8 of 2026: Radio Spectrum Allocation Update

Indonesia has introduced Regulation No. 8 of 2026, updating the national spectrum allocation...

Type Approval Is Now Required for Electronic Communications Equipment in Eswatini

From April 2026, Eswatini will require valid type approval certification for all electronic...