
The Industrial Security Podcast: NIS2 and the Cyber Resilience Act (CRA)
Jul 28, 2025

Christina Kiefer, an attorney at Reusch Law, dives into the crucial implications of the NIS2 legislation and Cyber Resilience Act (CRA) for EU businesses. She discusses the inconsistent implementation of NIS2 across Europe and the compliance challenges companies face. The conversation highlights the CRA's impact on digital product manufacturers and the heightened obligations arising from increased cyber attacks. Kiefer offers insights on navigating these complex regulations, emphasizing the urgency for companies to adapt their cybersecurity strategies.
AI Snips
Report Incidents To Each Relevant Authority
- Report severe security incidents to each national authority where you fall under scope; NIS2 does not mandate a single EU portal.
- Monitor national portals and any schemes where one authority forwards reports to others to avoid missed filings.
Reporting Is For Severe Incidents, Not All Events
- NIS2 requires reporting only severe security incidents after an initial incident assessment and severity test.
- Reports go to national authorities and are not publicly published by default, though consumer notification obligations may apply.
CRA Is A Product-Focused EU Regulation
- The Cyber Resilience Act (CRA) is an EU regulation that applies directly across member states and targets products with digital elements.
- NIS2 governs entity cybersecurity while the CRA governs product cybersecurity.
