EU Cyber Resilience Act
Payara’s Response to the EU Cyber Resilience Act
The Cyber Resilience Act (CRA) will become law in Europe in 2024 and Payara is actively working to assist our customers to be well informed and ready to work toward compliance with this new legislation. Affected manufacturers will be required to apply the legislation 36 months after its publication by the Office of the European Union. EU and non-EU vendors selling a product or service with a digital component, including software – and who export to the EU – are required to comply.
What is the Purpose of the EU Cyber Resilience Act?
A key objective of the CRA is to ensure a common and high level of cybersecurity for connected products (“products connected directly or indirectly to another device or network” as per the EU Cyber Resilience Act definition) made available on the European market. This will be achieved through the development and implementation of harmonized cybersecurity standards applicable to such products – throughout their lifecycle.
Are There Penalties for Non-Compliance?
Non-compliant companies can be fined $15 million or 2.5% of their global annual turnover – whichever is higher. Authorities may also intervene with orders to eliminate risk, restrict the product, or even issue a product recall.
CRA Update Webinar – Watch On-Demand
November 2024 – From Compliance to Competitive Advantage: Strengthening Cyber Resilience
Building on the foundational insights from our previous Cyber Resilience Act (CRA) sessions earlier in the summer, this webinar will update you on the next phase of cyber resilience by moving beyond mere compliance with the Cyber Resilience Act. Join Julia Apostle (Orrick) and Steve Millidge (Payara) to learn actionable steps for aligning your cyber resilience initiatives with future regulations and innovations, ensuring your organization is prepared to not only meet legal requirements but also drive sustainable, long-term security.
Payara’s Response to the EU Cyber Resilience Act
Stay ahead of the curve with Payara’s comprehensive resource on the EU Cyber Resilience Act (CRA). This essential resource provides detailed insights into the upcoming legislation, its implications for your business, and practical steps to ensure compliance.
The Cyber Resilience Act’s aim is to:
“impose cybersecurity obligations on all products with digital elements whose intended and foreseeable use includes direct or indirect data connection to a device or network” (EU cyber-resilience act, Briefing – 28-11/2023)
How Does Payara Support Its Customers to Achieve Compliance?
Payara’s application server technology plays an important role in the operation of many software applications or related products that may fall within the scope of the CRA. We have been closely following the evolution of the legal requirements and we understand that our customers may need our assistance to help them work towards fulfilling their own compliance objectives. For example, products within the scope of the CRA must undergo a written “conformity assessment”; affix a conformity mark to their product; conduct cybersecurity risk assessments; provide security updates free of charge for five years; report vulnerabilities; and disclose any successfully exploited vulnerabilities within 24 hours.
At Payara, we constantly enhance our cybersecurity measures to meet top standards. Our products (Payara Server, Payara Micro Enterprise Edition, and Payara Cloud) come with essential features and configurations to strengthen your security.
The Risks of Using the Payara Platform Community for Secure and Compliant Applications
While the Payara Platform Community Edition is geared towards rapid development and innovation, its frequent changes and evolving features pose significant challenges for those seeking long-term stability and regulatory compliance. Unlike Payara Platform Enterprise and Payara Cloud, the Payara Community Edition lacks the comprehensive compliance features required to meet stringent regulatory standards, including CRA, making it an unsuitable choice for applications where security and compliance are imperative.
What Payara Products Should I Use to Ensure Compliance?
Users should consider the Payara Platform Enterprise or Payara Cloud. Those products are specifically designed for mission-critical systems where stability, security, and compliance are paramount. Payara Platform Enterprise offers long-term support with a stable release cycle, ensuring that APIs and features remain consistent and reliable over time. Additionally, it includes extensive compliance and security features to meet stringent regulatory requirements. With professional support, regular maintenance updates, and guaranteed response times, Payara Platform Enterprise provides the robustness and assurance needed for enterprise-level applications. This makes it the optimal choice for organizations that prioritize operational continuity and regulatory adherence.
Get Started with Payara Server Enterprise
Book a FREE demo or contact our team to explore how Payara Server Enterprise supports secure, stable, and high-performance Java applications. Access resources to get started quickly or dive deeper into the platform.