The EU Cyber Resilience Act (CRA) establishes cybersecurity standards for connected digital products across the EU. The act aims to enhance transparency and reduce vulnerabilities through risk‑based assessments and a CE (Conformité Européenne) marking scheme. While the CRA is seen as a crucial step to address systemic digital risks and regulatory gaps, this analysis suggests it is premature and underdeveloped. The paper raises concerns about the feasibility of its implementation, particularly for small and medium‑sized enterprises (SMEs), and highlights challenges with standardized norms and third‑party assessment frameworks. The CRA's success, the paper concludes, will depend on its adaptability and sensitivity to economic realities, suggesting it could otherwise hinder innovation.