Global
Product Security Support for the Cyber Resilience Act (CRA)
1. Background and Purpose
In 2024, the European Union introduced the Cyber Resilience Act (CRA), a new regulatory framework that requires all digital products with network connectivity to implement enhanced cybersecurity measures across the entirety of a product's lifecycle.
Under the CRA, manufacturers must implement security requirements, manage vulnerabilities, report incidents, and maintain a Software Bill of Materials (SBOM) from both the design and development stages through to post-shipment maintenance and updates. Ensuring product reliability and transparency is a core objective of this regulation.
Furthermore, the CRA enforces manufacturers to provide security updates, disclose vulnerability information, and clearly define the support period during which security updates will be delivered. This makes transparency regarding product security lifecycles a critical element.
In response to these global regulatory developments, Ricoh will disclose the security support periods (vulnerability response periods) for each of our products.
This initiative is designed to:
- Enhance transparency regarding the security measures for our Multifunction Printers (MFPs) and printers.
- Support customers in using our products with confidence and peace of mind.
- Strengthen cybersecurity measures across the entire supply chain.
To ensure transparency, Ricoh already publishes information on product vulnerabilities. Details can be found on the page below.
2. Scope of Disclosure
The information disclosed here is limited to the vulnerability response periods, as required under the CRA, for products that are currently on the market.
It does not represent our company’s comprehensive strategy for full CRA compliance. Our overall approach to CRA compliance is currently under review, and we will provide further updates once preparations are complete.
Please note that the information published here represents only part of our ongoing efforts and could be subject to changes or updates in the future.
3. Disclaimer and Notes
The security support periods indicated on this page represent our current plans and may be extended at our discretion.
The security support periods for MFPs and printers are as follows:
| Colour Product | Support Period |
|---|---|
| IM C320F | June 2034 |
| IM C401F | November 2033 |
| IM C401SRF | |
| IM C2010 | January 2033 |
| IM C2010A | |
| IM C2510 | |
| IM C3010 | |
| IM C3010A | |
| IM C3510 | |
| IM C3510A | |
| IM C4510 | |
| IM C4510A | |
| IM C5510A | |
| IM C6010 | |
| IM C7010 | December 2033 |
| IM C3010SD | January 2035 |
| IM C4510SD | |
| IM C6010SD | |
| IM C2501CE | March 2032 |
| IM C3501CE | |
| IM C5501CE | |
| M C2000 | June 2031 |
| M C320FSE | September 2033 |
| Black and white Product | Support Period |
|---|---|
| IM 550 | May 2029 |
| IM 600 | |
| IM 600SRF | |
| IM 2702 | March 2032 |
| IM 350FSE | March 2032 |
| IM 450FSE | |
| IM 2500 | February 2031 |
| IM 2500A | |
| IM 3000 | |
| IM 3000A | |
| IM 3500 | |
| IM 3500A | |
| IM 4000A | |
| IM 5000A | |
| IM 6000 | |
| IM 370 | June 2033 |
| IM 370F | |
| IM 460F | |
| IM 7000 | November 2030 |
| IM 8000 | |
| IM 9000 | |
| M 2700 | April 2029 |
| M 2701 | |
| M 320FSE | January 2032 |
| M 320SE |
| Colour Product | Support Period |
|---|---|
| P C375 | June 2034 |
| P C600 | October 2028 |
| IP C8500 | November 2033 |
| Black and white Product | Support Period |
|---|---|
| P 800 | May 2029 |
| P 801 | |
| P 501 | December 2028 |
| P 502 | |
| SP 8400SE | March 2032 |
| P 311SE | January 2032 |