Artikel 71 Inkrafttreten und Geltungsbeginn

Summary What does Article 71 of the CRA regulation say?

This is the entry into force and application article, which is a standard closing provision in EU regulations.

It establishes when the Cyber Resilience Act becomes legally binding and when its obligations must actually be complied with.

Notably, while the regulation enters into force shortly after publication, full application is deferred to give economic operators and Member States time to prepare.

Two sets of provisions are carved out for earlier application, specifically the reporting obligations in Article 14 and the conformity assessment body framework in Chapter IV.

Important points:

The regulation applies in full from 11 December 2027, giving businesses time to prepare for compliance.
Article 14 (vulnerability and incident reporting obligations for manufacturers) applies earlier, from 11 September 2026.
Chapter IV (Articles 35 to 51), covering notified bodies and conformity assessment procedures, applies from 11 June 2026.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

1. Diese Verordnung tritt am zwanzigsten Tag nach ihrer Veröffentlichung im Amtsblatt der Europäischen Union in Kraft.
1. Diese Verordnung gilt ab dem 11. Dezember 2027.
2. Artikel 14 gilt jedoch ab dem 11. September 2026, und Kapitel IV (Artikel 35 bis 51) gilt ab dem 11. Juni 2026.

Table of contents

Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.

Relevant recitals