If you have difficulty in submitting comments on draft standards you can use a commenting template and email it to admin.start@bsigroup.com. The commenting template can be found here.


Adoption of a New Work Item - "Blockchain and distributed ledger technologies - Smart contracts to support compliance with the Cyber Resilience Act (CRA)"

Source: CEN
Committee: DLT/1 - Blockchain and Distributed Ledger Technology
Categories: Information management | Standardization. General rules
Comment period start date:
Comment period end date:

Comment by:

Scope

This European Standard specifies requirements for the design, implementation and monitoring of smart contracts in products with digital elements in order to address the essential cybersecurity requirements laid down in the Cyber Resilience Act (CRA). It establishes requirements for ensuring protection against unauthorised access, safeguarding the confidentiality of data, maintaining the integrity of data, and enabling the secure transfer of data and settings in accordance with the CRA.

This European Standard applies to organisations that design, develop, deploy, or manage products with digital elements incorporating smart contracts for cybersecurity resilience, including software developers, hardware manufacturers, importers and distributors, service providers, and other economic operators. It specifies requirements intended to ensure that smart contracts operate as secure and trustworthy components of digital products and that their use contributes to presumption of conformity with the CRA for the essential requirements covered by this document.

This European Standard does not address the legal enforceability of contracts, governance frameworks of distributed ledger systems, or regulatory requirements outside the scope of the CRA.

Purpose

The EU Cyber Resilience Act (CRA) establishes cybersecurity requirements for products with digital elements, laying down essential conditions for their design, development, and maintenance throughout their lifecycle. The Act’s objective is to ensure protection against, among others, vulnerabilities, unauthorised access, data breaches, and insecure configurations, thereby safeguarding users and enhancing trust in products with digital elements placed on the market. To give effect to these legal requirements, standardisation is mandated within the CRA. In this context, smart contracts represent a technology with the potential to enhance compliance with the CRA by operationalising the standardisation mandates. As self-executing code deployed on distributed ledger technologies, smart contracts can provide automation, transparency, and resilience in products with digital elements. When properly designed, they can directly support the CRA’s key areas. This proposal concerns the implementation of smart contracts as technical tools to support these CRA areas: protection against unauthorised access (Article 5), safeguarding data confidentiality (Article 6), ensuring data integrity (Article 7), and securing the transfer of data and settings (Article 14).

To achieve these outcomes, however, smart contracts must themselves be subject to clear technical standards. Without harmonised standardisation, risks such as coding vulnerabilities or inadequate cryptographic protections could undermine the objectives of the CRA. A dedicated standard would operationalise the CRA’s cybersecurity requirements for the identified areas by translating them into provisions for secure design, implementation, testing, monitoring, and interoperability of smart contracts.

The purpose of this document is therefore to establish a European standard that ensures smart contracts, when used in products with digital elements, contribute effectively to cyber resilience and compliance with the CRA. The justification rests on the necessity to provide organisations, such as software developers, hardware manufacturers, importers, distributors, and service providers, with a consistent and reliable framework that integrates smart contracts into the CRA’s broader standardisation system. The objective behind this initiative is to operationalise legislative requirements, reduce fragmentation, and provide trust in the secure use of smart contracts across the Union for cybersecurity compliance.

Please email further comments to: debbie.stead@bsigroup.com
