The EU Cyber Resilience Act (entered into force October 2024) imposes mandatory cybersecurity requirements on all hardware and software products sold in the EU market — including vulnerability handling obligations, security update support for the product's full lifetime, and CE marking contingent on cybersecurity conformity assessment. Zero Trust principles are embedded throughout CRA product requirements: manufacturers must implement authentication, access control, encrypted communications, and minimal attack surface by design — making Zero Trust not just an organisational practice but a product certification requirement for the EU market.
CRA