CRA Horizontal and Verticals
Horizontal standards for security requirements
Vertical standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
Participation and contributions in JTC13 WG9 deliberations, developing the horizontal standards in PT1, PT2 and PT3. I have been one of the initial project leaders for PT1 since 2024, and handed over to the rapporteurs assigned via EISMEA in 2025.
What is the expected result and impact of this activity?
To deliver technically sound horizontal harmonized standards that address the essential legal requirements of the CRA, and support the development of broad vertical and verticals standards. To that end I am monitoring and supporting the work also in the most mature deliberations on the vertical level - namely the CLC TC 47X (to which I am the liaison to JTC13) and CLC TC 65X.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
Principles for Cyber Resilience, Generic security requirements, Vulnerability Handling. Particular focus is placed on the alignment to the law (both ERSs and other aspects of compliance) and development of supportive guidance for the verticals. Furthermore, I am focusing on the amelioration of the understanding of the interplay with other harmonized standards being developed under different SRs, that support legislation interacting/overlapping with the CRA, such as Machinery, AIA etc. Finally, I am working on improving the clarity of legal definitions that are deemed necessary to develop security requirements that cover the product as a whole (RDPS, composition etc.).
