22 months to Comply to European Cyber Resiliency Act (EU CRA) (M03a)
European Cyber Resiliency Act (EU CRA) is a powerful regulation applicable to all products that are directly or indirectly connected to another device or network. It requires security by design, through a cybersecurity risk analysis, and also assurance continuity, through a monitoring of threats and a way to sustain security in case of identified vulnerability. The deadlines for the adoption of the EU CRA are approaching: reporting obligations of manufacturers shall be in place on September 11, 2026, and all productions in the market shall be fully compliant on 11 December 2027. The EU CRA is governance oriented. Implementation resorts to norms relative to 41 identified markets.
Embedded Artificial Intelligence (AI) is a market definitely under the scope of EU CRA, which has also intersection with the EU AI act. In this respect, it is fruitful to investigate both regulations side by side. In a nutshell, EU AI act requires control and explainability over the inference work, through model traceability and attestation of data provenance.
This talk will explain how these dual objectives actually complement one with each other. Through industrial use-case, the speaker will demonstrate how:
– the confidentiality of models can be safeguarded,
– the origin of the data (used either for inference or matching) can be controlled,
– the overall AI service can be rendered securely and respectfully of applicable regulation assuming strict enforcement of cryptographic techniques to protect model and data.