Cyber Resilience Act: European NRMM industry calls for ad-hoc extension of the transition period

By co-signing the joint industry statement published on 12^th July, the NRMM industry calls on EU’s policymakers to allow an adequate timeframe for the redesign, testing and compliance of highly complex machinery products, such as excavators, tractors or industrial trucks and cranes. To this end, an additional delay (so-called ‘staggered approach’) of at least 24 months in the application of the new cybersecurity requirements and obligations introduced under the CRA should be granted for NRMM.

The coalition of co-signatories including CECE, construction equipment, CEMA, agricultural machinery, EGMF, garden machinery, and FEM, materials handling equipment, stresses the importance of a longer implementation timeframe due to the complex features of NRMM products where:

• Integrated sets of electronic control units communicate each other through an internal communication network to ensure the proper functioning of the product, and
• Upgrading process normally takes from 3 to 5 years, while the lifecycle of a particular product platform could be equal to 20 years.
• Manufacturers will be required to undergo a complete redesign and re-homologation.

The initiative stems from the approach taken by the EU co-legislators going in favour of a transition period equal to 36-40 months only with no staggered approach. Based on the strong impact of such a short timeline on NRMM manufacturers, the initiative aims at targeting the final votes on the negotiating mandates that are expected to be adopted at the ITRE committee (in European Parliament) and Coreper (in Council) in the coming days.

Please download the full statement here.