Monitor and react to CRA developments at the EU Member States level #84
Description
As we discussed at the Global Cyber Policy WG 05 Jan 2026 https://docs.google.com/document/d/1iAplSQheMgemdMnEw74uPj3oi_6rLLbFFXhg4svqIDo/edit?tab=t.0 meeting we agreed to start the doc:
- Table Mapping of EU Member States authorities (in each country) that will be responsible for different parts of CRA implementation (MSAs, CSIRTs, CABs, etc.)
- Market Surveillance Authorities (MSA): https://webgate.ec.europa.eu/single-market-compliance-space/market-surveillance/ms-authorities?filter=legislationId:9021
- CRA Member States: https://digital-strategy.ec.europa.eu/en/policies/cra-member-states
- Gather issues with non-EU entities (manufacturers) contacting/selecting authorities. Examples:
- Who is my "main" EU country to work with?
- Corporations with no representation in the EU
- Corporations with sales offices in the EU
- Monitor country-level development in relations to the CRA
- e.g, Sweden and Finland - penalties are proposed to be part of secondary implementation (administrative) measures, despite the fact that, e.g. Stewards, are explicitly out of scope of CRA fines
- Maybe start “educating”/”Lobbying” on country-level basis (ORCWG is planning for this)
@GeauxJD can you please create a GDoc in the OpenSSF workspace so that Olle @oej can kick it off.
Thx!