As the European Union’s economy and society continue to embrace digital solutions, there is an urgent need to ensure that the EU’s networks and information systems are resilient against evolving cyberattacks. The American Chamber of Commerce to the European Union (AmCham EU) supports a strong cybersecurity environment in Europe, which is the responsibility of government and industry alike. The future Cybersecurity Resilience Act (CRA) will address a wide range of digital products and services. This paper outlines key recommendations regarding aspects of the expected CRA that require clarity and focus, with the aim of making sure the upcoming proposal reinforces the security of the entire supply chain, avoids security risks in products and services and protects customers and citizens against malpractices and abuse. Our suggestions encompass the scope, security requirements, role of the industry, harmonisation, market surveillance and the differences between Business-to-Business (B2B) and Business-to-Consumer (B2C) products.