@@ -162,13 +162,12 @@ This standard does not apply to products that contain [vertical] or are part of
## 1.1 General
The present document provides security requirements and assessment criteria covering all elements defined in EU Regulation 2024/2847 Cyber Resilience Act Annex I Part 1 and Part 2 for products with digital elements (products) with the intended main purpose of providing commercial Virtual Private Network (VPN) services for individual consumers. This includes products intended for a single user or home network to securely connect to a public network.
The present document provides security requirements and assessment criteria covering all elements defined in EU Regulation 2024/2847 Cyber Resilience Act Annex I Part 1 and Part 2 for products with digital elements (products) with the intended main purpose of providing commercial Virtual Private Network (VPN) services for individual consumers. This includes products intended for a single user or home network to securely connect to a public network with an emphasis on privacy.
The scope applies to:
- Software that operates as a VPN client on a consumer device
- Software that operates as a VPN server or gateway for termination of consumer VPN services
- Remote data processing for consumer VPN services
- Software that operates as a VPN end-point on a consumer device
- Remote data processing and associated software used for consumer VPN services
