Add FAQs on CRA scope #2

Open
wants to merge 2 commits into
base: main
24 changes: 24 additions & 0 deletions faq.md

I think we need to open/explain first that this is about cyber resilience for society - and that this begins & ends with a focus on network connected. E.g. take something from the intro of the CRA: "The number and variety of connected devices will rise exponentially in the coming years. " and refer to recital 9 perhaps?

Contributor Author

Wouldn't this be a better fit as an addition to the question just above? https://github.com/orcwg/cra-hub/blob/main/faq.md#q-what-is-the-cyber-resilience-act-cra

Expand Up @@ -15,6 +15,23 @@ The final text of the CRA can be found on [EUR-Lex][CRA] ([English HTML version]
The CRA enters into force on December 11, 2024. Reporting obligations of manufacturers ([Article 14][]) start to apply on September 11, 2026.
The notitifcation of conformity of assement bodies ([Chapter IV][]) start to apply on June 11, 2026. Everything else starts to apply on December, 11 2027.

#### Q: What is in scope of the CRA?

The following types of product are in scope of the CRA:

- Hardware products (e.g. laptops, smart appliances, mobile phones, network equipment, CPUs, etc.)
- Software products (e.g. operating systems, word processing, games or mobile apps, software libraries, etc.)
- Remote data processing solutions for any of the above
Contributor

This last line could use an "(e.g. [..])", perhaps based on one of the CRA-team's presentations, because that term means absolutely nothing to people not already familiar.

Contributor

or, to name something absolutely at random:

(e.g. a webservice that powers the spell-checking functionality of a word processing product)


#### Q: What is NOT in scope of the CRA?

The following types of product are NOT in scope of the CRA:

- Products already covered by other regulations or directives: civil aviation equipment ([2018/1139][]), marine equipment ([2014/90][]), medical devices ([2017/745][] and [2017/746][]), motor vehicles ([2019/2144][]), and software as a service (SaaS) ([NIS 2][])
- Products exclusively designed for national security or defence purposes
- Products specifically designed to process classified information

_It is worth noting however, that the intent of the EU legislators is to harmonize the various regulations mentioned above with the CRA in the near future._

## Open source projects
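
Review bot: the out-of-scope list places software as a service (SaaS) under [NIS 2] while the in-scope list includes "Remote data processing solutions for any of the above", and neither answer tells a reader how to distinguish the two. Add a clause to one of the bullets that states the distinction, so that someone operating a backend for a product can tell which bullet applies to them. In the closing italic note, "however" needs a comma on both sides: "It is worth noting, however, that ...".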

Expand Down Expand Up @@ -89,4 +106,11 @@ For this reason, until an updated version is available, the Blue Guide's guidanc
[Article 64(10)(b)]: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L_202402847#art_64
[Chapter IV]: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L_202402847#cpt_IV

[2014/90]: https://eur-lex.europa.eu/eli/dir/2014/90/oj
[2017/745]: https://eur-lex.europa.eu/eli/reg/2017/745/oj
[2017/746]: https://eur-lex.europa.eu/eli/reg/2017/746/oj
[2018/1139]: https://eur-lex.europa.eu/eli/reg/2018/1139/oj
[2019/2144]: https://eur-lex.europa.eu/eli/reg/2019/2144/oj
[NIS 2]: https://eur-lex.europa.eu/eli/dir/2022/2555/oj

[Blue Guide]: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52022XC0629(04)