3 December 2025
As part of its digital strategy, the European Union (EU) is building an increasingly dense regulatory framework for digital and connected products. As a result, providers, deployers, distributors, and importers of smart and autonomous products face an increasingly complex regulatory environment.
In particular, the AI Act (Regulation (EU) 2024/1689) and the Cyber Resilience Act (CRA, Regulation (EU) 2024/2847) raise the cybersecurity requirements for such products. Both regulations share a "cybersecurity by design" approach: cybersecurity requirements must be taken into account during the design, development, and production of products. Existing legislation such as the Cybersecurity Act (CSA, Regulation (EU) 2019/881) is operationalized by the CRA: the European cybersecurity certification schemes under the CSA, which have so far mostly been voluntary, can be made mandatory by the CRA for critical products and thus become a central component of compliance. In some cases, the EU's sectoral harmonization legislation already sets requirements for the cybersecurity of AI models and systems, for example the Medical Devices Regulation (Regulation (EU) 2017/745). All stakeholders along the AI value chain must now find their way through this regulatory jungle. For them, continued compliance with the now essential cybersecurity requirements is a "do-or-die" matter: companies must take targeted action to meet the various requirements. At the same time, the EU is endeavoring to avoid double burdens on stakeholders as far as possible by creating synergies between legal acts and linking their requirements.
Article 15 of the AI Act sets out requirements for the accuracy, robustness, and cybersecurity of high-risk AI systems within the meaning of Article 6 of the AI Act. With regard to cybersecurity, Article 15(5) of the AI Act requires providers to design high-risk AI systems so that they are resilient against attempts by unauthorized third parties to alter their use, outputs, or performance by exploiting system vulnerabilities. The term "cybersecurity" itself is thus described in the AI Act, but not defined. Although the AI Act contains no comprehensive obligations regarding specific cybersecurity measures, Article 15(5) subparagraph 3 of the AI Act does provide a catalog of example measures that can serve as technical solutions for AI-specific vulnerabilities. These are, where appropriate, measures to prevent, detect, respond to, resolve, and control for attacks that manipulate the training data set (data poisoning) or pre-trained components used in training (model poisoning), inputs designed to cause the model to make a mistake (adversarial examples or model evasion), confidentiality attacks, and model flaws.
However, the AI Act itself emphasizes that there is no "one-size-fits-all" solution: Article 15(5) subparagraph 2 of the AI Act requires that the technical solutions used to ensure cybersecurity be "appropriate to the relevant circumstances and the risks." The cybersecurity measures required under the AI Act are therefore not limited to standard measures; they must be selected for the individual system on the basis of the risk management system that Article 9 of the AI Act makes mandatory for high-risk AI systems.
As part of the conformity assessment procedure, compliance with cybersecurity requirements must also be demonstrated (Article 43 AI Act).
The CRA pursues a horizontal regulatory approach aimed at a uniform level of cybersecurity and, unlike most European cybersecurity legislation, is product-specific rather than sector-, institution-, or company-specific. The regulation in principle covers all "products with digital elements": according to the legal definition in Article 3(1) CRA, these are software or hardware products and their remote data processing solutions, including software or hardware components that are placed on the market separately. Examples include word processors, connected toys, and smart meter gateways used with digital electricity meters.
Article 2(1) CRA, which defines the scope of the regulation, makes clear that only products whose intended purpose or reasonably foreseeable use includes a direct or indirect logical or physical data connection to a device or network are covered. The remote data processing solutions mentioned in Article 3(1) CRA are part of the product itself: Article 3(2) CRA defines remote data processing as data processing at a distance for which the software is designed and developed by the manufacturer, or under its responsibility, and without which the product with digital elements could not perform one of its functions. In this sense, the term "connected products" is often used as a general shorthand.
While the AI Act regulates AI models and systems regardless of their connectivity, connectivity is precisely what triggers the CRA. In practice, however, the scopes of the CRA and the AI Act will often overlap.
Under the CRA, every product with digital elements that is placed on the market must meet the essential cybersecurity requirements, cf. Art. 13(1) and (14) CRA. The CRA does not prescribe a fixed set of technical measures to be applied during design, development, and production. Instead, Annex I, Part I CRA first calls for an "appropriate level of cybersecurity" based on the risks, without defining it in more detail, while Art. 13(8) CRA requires vulnerabilities that arise to be handled effectively in accordance with Annex I, Part II CRA throughout the support period, which must reflect the time the product is expected to be in use. This is a good thing: only by addressing product-specific circumstances on a case-by-case basis can a consistently high and uniform level of cybersecurity be achieved across the EU. Two criteria are decisive in determining the adequacy of the level of cybersecurity.
Based on the assessment of the product's specific cybersecurity risk (Art. 13(2) CRA), manufacturers must in particular address the relevant cybersecurity requirements in Annex I, Part I, point (2) CRA. The requirements listed there can be summarized as follows:
While the products are on the market, manufacturers must ensure that the cybersecurity requirements continue to be met; this requires, above all, procedures that ensure continuous compliance. The same applies if the manufacturer changes the design or features of the product.
The applicable conformity assessment procedure depends on the risk-based classification of the product with digital elements under Articles 6 to 8 CRA.
The CRA and the AI Act are complementary. Article 12 CRA systematically aligns the requirements for products that fall within the scope of both regulations. Under Article 12(1) CRA, a product with digital elements that is also a high-risk AI system is deemed to comply with the cybersecurity requirements of Article 15 AI Act if it fulfills the essential cybersecurity requirements of Annex I, Part I CRA, the manufacturer's processes comply with Annex I, Part II CRA, and the achievement of the level of cybersecurity protection required under Article 15 AI Act is demonstrated in the EU declaration of conformity issued under the CRA. The requirements for accuracy and robustness remain unaffected and continue to be governed by Article 15 AI Act.
The CRA thus gives the previously open-ended term "cybersecurity" in the AI Act technical and methodological substance ("cybersecurity by design"). Article 12(2) CRA avoids duplicate assessments by stipulating that, for products that are also high-risk AI systems, the conformity assessment procedure of Article 43 AI Act applies; the notified bodies entitled to assess high-risk AI systems under the AI Act are then also entitled to check the relevant CRA requirements of Annex I, provided that their compliance with the CRA's requirements for notified bodies has been assessed in the notification procedure. In the future, the EU would like to introduce a "single application" procedure, under which a manufacturer can submit a single application to a notified body to obtain the certifications required by various legal acts in a uniform manner.
A company uses recruiting software that analyzes application documents using machine learning, evaluates applicants against predefined criteria, and makes an automated preselection. The system is provided via a cloud platform and is in constant communication with company databases; it is therefore a connected product with digital elements within the meaning of Article 3(1) CRA. At the same time, the recruitment and selection of natural persons is a high-risk use case listed in Annex III of the AI Act.
Since the recruiting software is both a product with digital elements (CRA) and a high-risk AI system (AI Act), Article 12 CRA applies directly: if the software meets the essential cybersecurity requirements of the CRA, the cybersecurity requirement of Article 15 AI Act is deemed to be fulfilled. At the same time, only one conformity assessment procedure, that of Article 43 AI Act, is carried out, and it also covers the CRA aspects, provided the software does not fall into one of the important or critical product categories of Annexes III and IV CRA.
However, Article 12(3) CRA provides for narrowly defined exceptions: for the important or critical product categories listed in Annexes III and IV CRA, which are subject to specific CRA assessment routes, the CRA conformity assessment procedure remains the primary procedure as far as the essential cybersecurity requirements are concerned.
Overall, Article 12 CRA creates a coherent interface between the AI Act and the CRA. It reduces legal and procedural costs by consolidating responsibilities and, at the same time, strengthens the standard of protection by giving AI-specific cybersecurity concrete shape via the CRA and integrating it into the conformity assessment of the AI Act. This makes the previously undefined cybersecurity requirements of the AI Act more tangible from a technical and methodological perspective.
In practice, this means that providers and manufacturers of AI-based products benefit from a uniform testing and certification framework that avoids double assessments and creates legal certainty. At the same time, the close interlinking of both regulations ensures more efficient market surveillance and a clear point of contact in the conformity assessment procedure.
This interplay exemplifies how the EU is increasingly regulating digital law in a networked and systematic manner: instead of isolated individual requirements, there are interlocking legal frameworks that enable technical innovation without neglecting the protection of consumers and data. The European Commission is pursuing the same goal with its Digital Omnibus Package, presented on November 19, 2025. Bureaucratic hurdles for the economy that have grown over time are to be reduced consistently through the harmonization of digital regulations. The Digital Omnibus Package is intended to adjust key pieces of digital legislation, in particular the AI Act, the GDPR, and the Data Act. However, the legislative package still has to go through the European legislative process, so changes to its content remain possible.
Co-Author: Chrstian Zander
By several authors