EU Cyber Resilience Act
CRA compliance for networking products
Networking products such as routers and firewalls are products with digital elements and are in scope for the Cyber Resilience Act. Some network-defence products are classified as important, which raises the bar.
What to focus on
- Classify carefully — several networking categories are important (Annex III).
- Maintain an SBOM and timely security updates.
- Demonstrate secure defaults and authenticated update channels.
- Compile the Annex VII dossier and Declaration of Conformity.
Frequently asked questions
- Are routers and firewalls in scope for the CRA?
- Yes — they are products with digital elements. Some network-security products are classified as important, which changes the conformity route.
General information about the EU Cyber Resilience Act — not legal advice. Normproof provides tooling and audit-ready evidence; the manufacturer self-declares conformity. For your specific product, run the free readiness check or consult a qualified advisor.