Cyber Resilience Act: EU Market Surveillance Group elects New Chair and Vice-Chair

The first meeting of the Administrative Cooperation Group for the Cyber Resilience Act (CRA) has marked an important step in preparing for the enforcement of the CRA, which will strengthen cybersecurity requirements for digital products across the EU.

The meeting took place on 19 March in Athens, hosted by the European Union Agency for Cybersecurity (ENISA).

Anna Schwendicke (BSI, Germany) was confirmed as Chair, with Xenia Kyriakidou (National Cybersecurity Certification Authority of Cyprus) serving as Vice-Chair. Their leadership will be crucial in guiding the group's work to ensure effective enforcement of the CRA across the EU.

The Role of the Administrative Cooperation Group in Enforcing the Cyber Resilience Act

The Cyber Resilience Act, adopted in December 2024, introduces mandatory cybersecurity requirements for manufacturers and developers of products with digital elements-such as smart devices, industrial IoT, and software-throughout their lifecycle. The regulation adopts an ex-post enforcement model, meaning that Member States are responsible for verifying compliance once products are placed on the EU market.

Under this system, national authorities can request corrective actions or restrictive measures from economic operators-including manufacturers, authorised representatives, importers, and distributors-to address cybersecurity risks. Given the cross-border nature of cyber threats, the AdCo will play a pivotal role in fostering cooperation among EU countries, ensuring consistent enforcement and reinforcing the credibility of the CRA's market surveillance framework.

A well-coordinated approach is essential to protect consumers and businesses from cyber vulnerabilities while maintaining a level playing field in the Single Market.

Learn more about the role of Member States in the CRA

Related topics