2025-06-19 –, Secondary stage
The Cyber Resilience Act (CRA) marks a transformative step in the European Union’s cybersecurity regulatory landscape. Entering into force in December 2024, with full obligations applying from December 2027, the CRA introduces mandatory cybersecurity requirements for a wide range of products with digital elements including hardware, software, and remote data processing solutions—sold within the EU single market.
This presentation will provide a comprehensive overview of the CRA’s scope, key obligations, and implications for companies across the digital product supply chain.
Participants will gain practical insights into how to prepare for CRA compliance, including a five-step roadmap: from applicability assessment and product classification to gap analysis, action planning, and implementation. With significant penalties and market access restrictions for non-compliance, early preparation is essential. This session aims to equip stakeholders with the knowledge and strategies needed to ensure readiness and resilience in the face of evolving EU cybersecurity regulations.
Sadia Berdai is a legal expert specializing in digital law and head of the "Artificial Intelligence, Innovation, and Digital" department at the National Commission for Data Protection (CNPD) in Luxembourg. She notably launched the regulatory sandbox initiative dedicated to data protection, supporting innovative projects within a secure and compliant framework.
Before joining the CNPD, she led cybersecurity projects at POST Luxembourg and distinguished herself through several publications and research projects at the intersection of law and emerging technologies.