🔐 Cybersecurity and Smart Metering: AQUA publishes its position on the Cyber Resilience Act (CRA)
As the implementation of the European Cyber Resilience Act (CRA) moves forward, a clear and harmonised interpretation of product classifications is essential to ensure legal certainty, proportionality and innovation across the smart metering sector.
AQUA has published its official position paper on the classification of smart meters and gateways under Regulation (EU) 2024/2847. The document highlights a function-based approach, consistent with the CRA framework, and supports the view that standard smart meters should be classified as default products with digital elements, while gateways should be assessed according to their actual functionality.
Key messages:
✔ Classification should be based on product functionality, not deployment context.
✔ Standard smart meters are measurement and communication devices, not cybersecurity products.
✔ Gateways should be assessed case by case according to their role within the architecture.
✔ A harmonised interpretation across Member States is essential to avoid fragmentation and unnecessary compliance burdens.
✔ Classification should be based on product functionality, not deployment context.
✔ Standard smart meters are measurement and communication devices, not cybersecurity products.
✔ Gateways should be assessed case by case according to their role within the architecture.
✔ A harmonised interpretation across Member States is essential to avoid fragmentation and unnecessary compliance burdens.
Through this position paper, AQUA contributes to a consistent, proportionate and innovation-friendly implementation of the CRA, supporting Europe’s transition towards secure, resilient and sustainable smart metering infrastructures.
📄 Read the full position paper here