Geneva (September 25, 2025) – SGS, the world’s leading testing, inspection and certification company, has issued SafeGuardS 131.25 to inform stakeholders of recent progress in the implementation of the EU Cyber Resilience Act (CRA).
Since the European Commission adopted the CRA on November 20, 2024, and came into effect on December 11, 2024, notable advancements have been made by the European Commission, European standardization organizations and the European Union Agency for Cybersecurity (ENISA).
On April 3, 2025, the Standardization Request for the CRA was officially accepted by the European Committee for Standardization (CEN), the European Committee for Electrotechnical Standardization (CENELEC) and the European Telecommunications Standards Institute (ETSI). These organizations have committed to delivering harmonized standards to support compliance ahead of regulatory deadlines. Standards under development include Type A standards outlining cyber resilience principles, Type B horizontal standards defining product-agnostic cybersecurity requirements and Type C vertical standards tailored to specific digital product categories. Publication dates range from August 2026 to October 2027.
By April 18, 2025, feedback on the draft technical descriptions for important and critical products with digital elements had been received from 122 companies, organizations and individuals. The European Commission will adopt an implementing act specifying the technical description of these categories by December 11, 2025.
The CRA expert group, comprising representatives from the European Commission, member states, ENISA and industry, has held two meetings to provide advisory input on delegated and implementing acts and guidance documents. Discussions covered technical descriptions, open source software, risk assessments, remote data processing solutions and the interplay of the CRA with other EU regulations.
ENISA has published guidance on how the EU Common Criteria (EUCC) scheme can support CRA compliance, including pilot projects to test the interplay between EUCC certification and CRA requirements. These pilots aim to validate technical mappings, identify gaps and provide recommendations for CRA compliance. They are expected to conclude in Q1 2026.
Additional CRA-related initiatives include the launch of the European Vulnerability Database on May 13, 2025, and the development of a Single Reporting Platform to facilitate vulnerability and incident notifications. Reporting obligations for actively exploited vulnerabilities and significant incidents will be enforced from September 11, 2026.
SGS publishes SafeGuardS to help industry stakeholders stay informed about regulatory and compliance developments. SafeGuardS 131.25 highlights the latest updates on CRA implementation, including progress on standardization, ENISA pilot projects, updated guidance and reporting infrastructure. Stakeholders are encouraged to review SafeGuardS 131.25 to remain current with evolving CRA requirements and ensure appropriate measures are in place to manage digital product cybersecurity risks.
Brightsight services
Brightsight, an SGS company, provides comprehensive support for businesses navigating the CRA’s requirements. Our experts assist with gap analysis, evaluating existing cybersecurity practices and providing the necessary guidance to efficiently achieve certification. From training workshops and technical documentation reviews to conformance testing and final certification, we ensure that businesses are well-equipped to meet international market standards and maintain long-term compliance. Learn more about Brightsight’s services for the Cyber Resilience Act.
SGS SafeGuardS keep you up to date with the latest news and developments in the consumer goods industry. Read the full Update on Developments Relating to the EU Cyber Resilience Act SafeGuardS.
Subscribe today and receive SGS SafeGuardS direct to your inbox.
For further information contact:
Alex Rubert
Sales Manager
Tel: +33 484 800 085
Website: www.brightsight.com
LinkedIn: SGS Brightsight
About SGS
SGS is the world’s leading Testing, Inspection and Certification company. We operate a network of over 2,500 laboratories and business facilities across 115 countries, supported by a team of 99,500 dedicated professionals. With over 145 years of service excellence, we combine the precision and accuracy that define Swiss companies to help organizations achieve the highest standards of quality, compliance and sustainability.
Our brand promise – when you need to be sure – underscores our commitment to trust, integrity and reliability, enabling businesses to thrive with confidence. We proudly deliver our expert services through the SGS name and trusted specialized brands, including Brightsight, Bluesign, Maine Pointe and Nutrasource.
SGS is publicly traded on the SIX Swiss Exchange under the ticker symbol SGSN (ISIN CH1256740924, Reuters SGSN.S, Bloomberg SGSN:SW).