Navigating the Cyber Resilience Act: Implications for the Dynamo Horizon Project

Abstract

This work-in-progress paper develops an operational model for the DYNAMO Horizon Europe Project to ensure compliance with the EU Cyber Resilience Act (CRA). Compliance with the CRA enables DYNAMO to provide a high level of security and maintain its competitiveness. By meeting the CRA requirements, DYNAMO can protect its users, strengthen its market position, and promote best practices in cybersecurity. The area in which DYNAMO works is critical to society, creating a complete platform of tools and frameworks for cyber threat intelligence. Tools included in the platform need to abide by the regulations in place and being compliant also helps DYNAMO ensure that the tools are safer for the users of its platform. The regulations cause complications and confusion without sufficient preparation. As a subject still under research, with pending regulation, this study provides future proofing and assistance in planning efficient transition to compliance. Compliance for third parties is simplified in regulation. Open-source software provides a powerful exception to this regulation as well, being useful as a method of risk transference through using these exceptions. DYNAMO can utilize these aspects of the CRA to enhance compliance. How different companies are fulfilling their vulnerability management regarding CRA is a venue for future research purposes, as are methods for futureproofing compliance, and the impacts of CRA on Artificial Intelligence use, and how this intersects with the AI Act.