With the Cyber Resilience Act the European Commission intends to introduce cybersecurity requirements for products with digital elements and for the vulnerability handling measures of respective manufacturers. German industry welcomes the proposal in principle. Nonetheless, the European co-legislators should introduce a longer implementation period, clearer rules for Software-as-a-Service and Open Source, and the concept “intended use” when defining the criticality of products.