🇱🇹Lietuva
Cyber Resilience Act Compliance in Lithuania
The CRA establishes cybersecurity requirements for products with digital elements sold in the EU. Manufacturers must ensure security by design and provide vulnerability handling.
How does CRA apply in Lithuania?
CRA applies in Lithuania under EU law with the same obligations as across the bloc — maximum fine €15M or 2.5% of global turnover. The national supervisory authority is the VDAI (Valstybinė duomenų apsaugos inspekcija), which handles enforcement, complaints, and notifications. Deadline: December 11, 2027.
- Supervisory authority: VDAI (Valstybinė duomenų apsaugos inspekcija)
- Maximum fine: €15M or 2.5% of global turnover
- Key deadline: December 11, 2027
| Supervisory authority | VDAI (Valstybinė duomenų apsaugos inspekcija) |
| Maximum fine | €15M or 2.5% of global turnover |
| Key deadline | December 11, 2027 |
| Sectors affected | Software, IoT |
Source: VDAI (Valstybinė duomenų apsaugos inspekcija)Reviewed:
Deadline
December 11, 2027
Max Fine
€15M or 2.5% of global turnover
Sectors Affected
Software, IoT, Hardware
Key CRA Obligations for Lithuania Businesses
- Implement security by design
- Provide security updates for product lifetime
- Report actively exploited vulnerabilities
- Maintain technical documentation
- Conduct conformity assessment
Does CRA apply to your Lithuania business?
Find out in 2 minutes with our free regulation checker.
Check now — freeCRA in Other Countries
For informational purposes only. This is not legal advice — consult qualified legal counsel.