The Cyber Resilience Act (CRA) will become law in Europe in 2024 and Payara is actively working to assist our customers to be well informed and ready to work toward compliance with this new legislation. Affected manufacturers will be required to apply the legislation 36 months after its publication by the Office of the European Union. EU and non-EU vendors selling a product or service with a digital component, including software – and who export to the EU – are required to comply.
A key objective of the CRA is to ensure a common and high level of cybersecurity for connected products (“products connected directly or indirectly to another device or network” as per the EU Cyber Resilience Act definition) made available on the European market. This will be achieved through the development and implementation of harmonized cybersecurity standards applicable to such products – throughout their lifecycle.
Non-compliant companies can be fined $15 million or 2.5% of their global annual turnover – whichever is higher. Authorities may also intervene with orders to eliminate risk, restrict the product, or even issue a product recall.
Building on the foundational insights from our previous Cyber Resilience Act (CRA) sessions earlier in the summer, this webinar will update you on the next phase of cyber resilience by moving beyond mere compliance with the Cyber Resilience Act. Join Julia Apostle (Orrick) and Steve Millidge (Payara) to learn actionable steps for aligning your cyber resilience initiatives with future regulations and innovations, ensuring your organization is prepared to not only meet legal requirements but also drive sustainable, long-term security.
Stay ahead of the curve with Payara’s comprehensive resource on the EU Cyber Resilience Act (CRA). This essential resource provides detailed insights into the upcoming legislation, its implications for your business, and practical steps to ensure compliance.
“impose cybersecurity obligations on all products with digital elements whose intended and foreseeable use includes direct or indirect data connection to a device or network” (EU cyber-resilience act, Briefing – 28-11/2023)
Payara’s application server technology plays an important role in the operation of many software applications or related products that may fall within the scope of the CRA. We have been closely following the evolution of the legal requirements and we understand that our customers may need our assistance to help them work towards fulfilling their own compliance objectives. For example, products within the scope of the CRA must undergo a written “conformity assessment”; affix a conformity mark to their product; conduct cybersecurity risk assessments; provide security updates free of charge for five years; report vulnerabilities; and disclose any successfully exploited vulnerabilities within 24 hours.
At Payara, we constantly enhance our cybersecurity measures to meet top standards. Our products (Payara Server, Payara Micro Enterprise Edition, and Payara Cloud) come with essential features and configurations to strengthen your security.
While the Payara Platform Community Edition is geared towards rapid development and innovation, its frequent changes and evolving features pose significant challenges for those seeking long-term stability and regulatory compliance. Unlike Payara Platform Enterprise and Payara Cloud, the Payara Community Edition lacks the comprehensive compliance features required to meet stringent regulatory standards, including CRA, making it an unsuitable choice for applications where security and compliance are imperative.
Users should consider the Payara Platform Enterprise or Payara Cloud. Those products are specifically designed for mission-critical systems where stability, security, and compliance are paramount. Payara Platform Enterprise offers long-term support with a stable release cycle, ensuring that APIs and features remain consistent and reliable over time. Additionally, it includes extensive compliance and security features to meet stringent regulatory requirements. With professional support, regular maintenance updates, and guaranteed response times, Payara Platform Enterprise provides the robustness and assurance needed for enterprise-level applications. This makes it the optimal choice for organizations that prioritize operational continuity and regulatory adherence.