Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[open-regulatory-compliance] Fwd: Updates on CRA: delegated acts & ETSI deep-dive sessions
Dear ORC community, 

Find below the message shared by the Commission, these are the key elements of the message:
- Adoption of delegated act on terms and conditions for CSIRTs
- Consultation on draft repeal of RED Delegated Act
- deep dive sessions about vertical standards developed in ETSI

Have a great weekend,
Juan


Begin forwarded message:

Subject: Updates on CRA: delegated acts & ETSI deep-dive sessions
Date: December 12, 2025 at 08:49:34 GMT+1

Dear CRA Network,
 
Please find below some updates related to the implementation of the Cyber Resilience Act (CRA).
 
Adoption of delegated act on terms and conditions for CSIRTs
On 11 December, the Commission adopted a delegated act supplementing the CRA by specifying the terms and conditions for applying the cybersecurity-related grounds in relation to delaying the dissemination of notifications.
This act supports the application of the cybersecurity-related grounds empowering a Computer Security Incident Response Team (CSIRT) to delay dissemination to other CSIRTs of notifications received from manufacturers, in accordance with Articles 14 and 16 of the CRA.  The adopted act has been transmitted to the European Parliament and the Council for the so-called “objection period” (2 months, with possibility for extension). If neither institution opposes during this period, the act will be published in the Official Journal of the European Union.
 
Consultation on draft repeal of RED Delegated Act
The Commission has also published a Have Your Say consultation on the draft text repealing Delegated Regulation (EU) 2022/30 (the Radio Equipment Directive Delegated Regulation on cybersecurity). The draft text foresees that the repeal will take effect from 11 December 2027, the date of full application of the CRA. The consultation is available until 7 January 2026.
 
ETSI deep-dive sessions
Finally, please see below the links to 4 upcoming deep-dive sessions organised by ETSI on some of the vertical standards being developed in support of the CRA. In each session, the rapporteur of one of the vertical standards will present their work in detail — giving the audience the opportunity to ask questions, share ideas, and contribute to the ongoing development of these important standards.
 
These interactive sessions will be run online; they are free and open to ETSI members and non-members. 
Note: the webinars are limited to 250 participant, to facilitate interactions between the rapporteur and the participants.
 
  1. 16 December, 14:00 – 15:30 CET: Routers, modems & switches
  2. 16 December, 15:30 – 17:00 CET: Hypervisors and container runtime systems
  3. 17 December, 14:00 – 15:30 CET: Firewalls
  4. 17 December, 15:30 – 17:00 CET: Antivirus
 
Please reach out to events@xxxxxxxx for any query concerning this.
 
We trust you find this information useful, and please do not hesitate to disseminate it to interested stakeholders.
 
Best wishes,
CRA Team
 
Have you been forwarded this email? Sign up here. 
You no longer wish to receive these updates? Please reply to this email and we will delete you from our database.

Back to the top