Company:
Date Published:
Author: Ciara Carey
Word count: 959
Language: English
Hacker News points: None

Summary

The European Union has reached an agreement on the EU Cyber Resilience Act (CRA), a regulation akin to GDPR for cybersecurity, aiming to protect consumers from insecure digital products. The CRA introduces mandatory cybersecurity measures such as vulnerability disclosure, a Software Bill of Materials, and security updates throughout the product life cycle, and it covers a wide range of digital products including operating systems, baby monitors, and firewalls. Companies have 36 months to comply; non-compliance carries penalties of up to €15 million or 2.5% of global turnover. The regulation also includes exemptions for open-source software developed without commercial intent and for products already regulated by specific laws. The CRA is set to be adopted in 2024, marking a significant stride in strengthening digital security across the EU.