Cyber Resilience Act: BSI wird marktüberwachende Behörde

AI Analysis

The German Federal Office for Information Security (BSI) has been officially designated as the national market surveillance authority for the Cyber Resilience Act (CRA). This announcement confirms the BSI's central role in enforcing the CRA within Germany, including conducting audits, investigating non-compliance, and imposing corrective measures.

This designation directly affects all manufacturers of products with digital elements placing goods on the EU market, with the BSI holding jurisdiction over those operating in Germany. This includes a wide range of sectors from hardware manufacturers to software developers.

Compliance teams for in-scope companies should immediately ensure their internal processes align with CRA requirements, including conformity assessments and vulnerability handling. They must prepare for potential scrutiny from the BSI, ensuring technical documentation and incident reporting protocols are robust and readily available for inspection. Engaging with the BSI's published guidance will be essential.