EU Cyber Resilience Act

Payara’s Response to the EU Cyber Resilience Act

The Cyber Resilience Act (CRA) will become law in Europe in 2024 and Payara is actively working to assist our customers to be well informed and ready to work toward compliance with this new legislation. Affected manufacturers will be required to apply the legislation 36 months after its publication by the Office of the European Union. EU and non-EU vendors selling a product or service with a digital component, including software – and who export to the EU – are required to comply.

What is the Purpose of the EU Cyber Resilience Act?

A key objective of the CRA is to ensure a common and high level of cybersecurity for connected products (“products connected directly or indirectly to another device or network” as per the EU Cyber Resilience Act definition) made available on the European market. This will be achieved through the development and implementation of harmonized cybersecurity standards applicable to such products – throughout their lifecycle.

Are There Penalties for Non-Compliance?

Non-compliant companies can be fined $15 million or 2.5% of their global annual turnover – whichever is higher. Authorities may also intervene with orders to eliminate risk, restrict the product, or even issue a product recall.

How Does Payara Support Its Customers to Achieve Compliance?

Payara’s application server technology plays an important role in the operation of many software applications or related products that may fall within the scope of the CRA. We have been closely following the evolution of the legal requirements and we understand that our customers may need our assistance to help them work towards fulfilling their own compliance objectives. For example, manufacturers of products within the scope of the CRA must undergo a written “conformity assessment”; affix a conformity mark to the product; conduct cybersecurity risk assessments; provide security updates free of charge for five years; report vulnerabilities; and disclose any successfully exploited vulnerabilities within 24 hours.

At Payara, we constantly enhance our cybersecurity measures to meet top standards. Our products—Payara Server, Payara Micro Enterprise Edition, and Payara Cloud—come with essential features and configurations to strengthen your security.

The Risks of Using the Payara Platform Community for Secure and Compliant Applications

While the Payara Platform Community Edition is geared towards rapid development and innovation, its frequent changes and evolving features pose significant challenges for those seeking long-term stability and regulatory compliance. Unlike Payara Platform Enterprise and Payara Cloud, the Payara Community Edition lacks the comprehensive compliance features required to meet stringent regulatory standards, including CRA, making it an unsuitable choice for applications where security and compliance are imperative.

What Payara Products Should I Use to Ensure Compliance?

Users should consider the Payara Platform Enterprise or Payara Cloud. Those products are specifically designed for mission-critical systems where stability, security, and compliance are paramount. Payara Platform Enterprise offers long-term support with a stable release cycle, ensuring that APIs and features remain consistent and reliable over time. Additionally, it includes extensive compliance and security features to meet stringent regulatory requirements. With professional support, regular maintenance updates, and guaranteed response times, Payara Platform Enterprise provides the robustness and assurance needed for enterprise-level applications. This makes it the optimal choice for organizations that prioritize operational continuity and regulatory adherence.