Re: [open-regulatory-compliance] Is there anything outside the scope of CRA's connection requirement?
On 28 Dec 2024, at 19:58, Idelberger, Florian (IIWR) via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
> One question I have asked myself but haven’t found a satisfactory answer to yet - are there any products that are exempt by not (directly or indirectly) being used with a network connection? Arguably, the product categories are quite broad, so it seems almost this requirement does not really matter. But then why not extend it to all products, independent of whether they have a network connection or not? Is this just a product of the CRA's legislative history?
From what I can see -- the scope is specific to an indirect or direct network interface; i.e. to be cyber resilient against something that is connectable over the internet. As opposed to a physical attack. Also - there are quite a few specified exclusions / lex specialis that exempt services/products that are already covered by existing rules, which is the case for medical devices, aviation and cars; covering quite some ground for stuff not connected to a network that still matters from a society-wide cyber resilience perspective.
Dw