The CRA is a legal document, setting requirements for critical equipment for being used (brought to Market) in Europe. In contrast to technical standards, outlining (Product) requirements, the CRA is defining vulnerabilities to be mitigated. The crucial challenge for product manufacturers is how to transfer the CRA context into technical requirements to be fulfilled in order to claim CRA compliance. One potential path is to engage a notified body.
An alternative currently is under development, allowing component manufacturers to go for a self-certification of CRA compliance. An overview on the related product standards EN 50770-X currently under development is provided. The correlation of these standards, EN 62443-4.1 /4-2 and the CRA is described. In addition difference between IEC 62443 and EN 62443 is and it’s motivation is introduced.