Cyber Resilience Act
An EU regulation that sets mandatory cybersecurity requirements for products with digital elements, from smart devices to software, sold in the European market. Manufacturers must build in security by design, handle vulnerabilities throughout the product lifecycle, and report actively exploited flaws. It shifts responsibility for product security onto vendors rather than end users.