Comments on the EU-Cyber Resilience Act

The EU Cyber Resilience Act (CRA) contains an opening clause. This clause allows the restriction or exclusion of products if they are already covered by other regulations addressing the same or higher cybersecurity risks. These restrictions or exclusions must be compatible with the general legal framework for these products. The sectoral regulations must achieve an equivalent or higher level of protection than this regulation provides. The German Banking Industry Committee (GBIC) is committed to ensuring that digital financial products distributed by the financial sector across the EU are eligible for such a restriction or exclusion.