Red Hat's commitment to the EU Cyber Resilience Act: Shaping the future of cybersecurity standards

2026-01-06 ~1 min read www.redhat.com #kubernetes

⚡ TL;DR

As our reliance on connected devices and software deepens, the need for robust, transparent, and consistent cybersecurity practices is increasingly critical. The European Union's Cyber Resilience Act (CRA) represents a landmark legislative moment; the act's purpose is “ensuring that hardware and software products are placed on the market with fewer vulnerabilities and that manufacturers take security seriously throughout a product's lifecycle”.

📝 Summary

As our reliance on connected devices and software deepens, the need for robust, transparent, and consistent cybersecurity practices is increasingly critical. The European Union's Cyber Resilience Act (CRA) represents a landmark legislative moment; the act's purpose is “ensuring that hardware and software products are placed on the market with fewer vulnerabilities and that manufacturers take security seriously throughout a product's lifecycle”. This welcome initiative aims to protect consumers and businesses with products that are secure by design and manufacturers who are transparent about their security practices.

At Red Hat, we believe that a more secure digital future is built on open principles and collaboration. We support the goals of the CRA and are engaged in the critical work of shaping its implementation, such as implementing and delegated acts, guidance for open source, and the Harmonized European Standards (hEN) that will underpin this regulation. Our commitment is not just about compliance; it's about using our expertise in open source and enterprise security to help build a more resilient and trustworthy digital ecosystem for everyone.

The success of the CRA hinges on the development of practical, effective, and widely accepted harmonised standards. These standards will provide manufacturers with a clear framework for meeting the Act's essential requirements. Red Hat is contributing to this process through our participation in key European Standardisation Organisations (ESOs), which the EU Commission mandated to produce these standards. Our involvement is twofold, addressing both broad, cross-sectoral standards and those specific to the following key technology domains:

Horizontal standards (CEN/CENELEC): We are an active member of the Committee for Standardization (CEN) and European Committee for Electrotechnical Standardization (CENELEC) Joint Technical Committee 13 Working Group 9 (JTC 13/WG 9) on Cybersecurity and Data Protection. This body is responsible for developing horizontal standards that are expected to be used by manufacturers that develop products across various industries. We contribute to these areas by making secure software development practices practical and clear, helping define foundational principles for vulnerability management and supply chain security that align directly with modern, open source development methods.