Euralarm, a prominent voice in the fire safety and security industry, has recently published a statement regarding the categorisation of alarm systems as critical products under the Cyber Resilience Act (CRA).

This statement, highlighting key concerns and recommendations, comes as a response to ongoing discussions about the CRA, which aims to enhance the cyber resilience of products and services in the European Union.

Understanding Euralarm’s position on CRA Critical Products

The statement issued by Euralarm underscores the organisation’s anticipation for a clear and proportionate final text of the CRA.

Euralarm’s primary concern revolves around the potential categorization of some products from the sectors it covers as critical Class I.

The organisation emphasises the necessity of using well-defined terms when listing security products or alarm systems in Annex III as critical Class I category.

The term “smart,” as used in the compromised amendments from the European Parliament, is highlighted as a particularly vague term that can lead to varied interpretations.

Clarity and industry involvement in CRA implementation

Euralarm is advocating for a description of the category in the CRA that is as clear as possible, to ensure that industry members understand the range of products targeted by the European Parliament and the Council.

The organisation also stresses the importance of involving industry stakeholders in preparing the complementary acts foreseen by Article 6(3) of the CRA.

This involvement is seen as crucial for producing complementary acts that are well understood, interpreted, and ensure legal certainty for the industry.

Recommendations for a balanced and effective CRA

Euralarm’s statement includes specific recommendations for the co-legislators and the European Commission.

The organisation requests that the European Commission, particularly DG CNECT, involve industry stakeholders in the preparation of the complementary acts.

Euralarm believes that contributions from industry stakeholders, who are responsible for placing these products on the market, will assist the European Commission in creating well-defined and legally certain complementary acts.

IFSJ Comment

The Euralarm statement on the CRA critical products classification is a significant development in the ongoing dialogue about cybersecurity and the resilience of critical infrastructure.

It reflects the concerns of a major industry player regarding the implications of legislative changes on the fire safety and security sector.

Euralarm’s call for clarity and industry involvement underscores the need for a balanced approach that considers both security needs and the practicalities of implementing such regulations.