In support of the implementation of the Cyber Resilience Act (Regulation EU 2024/2847), the European Commission has published draft guidelines clarifying the categorization and compliance expectations for products with digital elements (PDEs).
This documentation provides essential operational clarity on vulnerability handling requirements, risk assessment methodologies, and the delineation of product classes. The Commission has opened a public consultation period, inviting feedback from manufacturers, cybersecurity researchers, and standardisation bodies until 31 March 2026. Stakeholders are highly encouraged to participate to ensure the guidelines remain practical and effective.