Penalties (up to EUR 15 million or 2.5% turnover)

The Cyber Resilience Act imposes fines of up to €15 million or 2.5 % of a company's annual worldwide turnover for non-compliance with security and safety obligations for digital products sold in the EU. Penalties are applied per infringement and may be combined with other corrective measures.