Practical guidance on the implementation of the Cyber Resilience Act

CER, UITP and UNIFE have published a practical guidance on the implementation of the Cyber Resilience Act in mainline and urban railways, offering clear explanations to the sector on implementing the regulation.

The rail sector has long been integrating cybersecurity measures in its systems, but with the EU Cyber Resilience Act expected to become fully applicable in December 2027, new challenges lie ahead.

Rail is characterised by the long-life cycle of its products, some lasting up to 50 years, and progress in cybersecurity must be compatible with the need to maintain ongoing operation and development of the railway system and its projects.

The first published version of the guidance (V1.0.0) can be downloaded below. A separate annex, published alongside the main guidance, outlines the expected relationship between the CRA and the vehicle authorisation process.

Documents

CRA Expert Guidance

The Voice of European Railways

Reports

Practical guidance on the implementation of the Cyber Resilience Act

Documents

Related Content

About Us

CONTACT US

TOPICS

PUBLICATIONS

Newsroom

EVENTS