Our Cyber Strategy team will guide you through a comprehensive assessment of your preparedness in relation to the Cyber Resilience Act (CRA).
The CRA is a European regulation that introduces uniform cybersecurity requirements for products with digital elements. Its goal is to ensure that hardware and software in the EU market remain secure throughout their lifecycle – from design and development to operation and updates.
The Act applies to manufacturers, importers, and distributors of digital products available in the EU market, regardless of whether they are based in EU Member States or outside the EU. A wide range of products are affected, including IoT devices, network components, software, cloud services, and specialized industrial systems.
For companies selling products in the EU, the CRA brings new obligations related to managing cybersecurity risks, detecting and addressing vulnerabilities, securing the supply chain, and reporting vulnerabilities and incidents.
With the introduction of the CRA, businesses must prepare for stricter security requirements. The regulation mandates that product security must be ensured from the design stage (Security by Design & Security by Default) and introduces obligations for vulnerability management and regular updates.
Failure to meet these requirements can lead to significant financial penalties of up to EUR 15 million or 2.5% of the company’s global turnover. Another risk is losing access to the EU market if a product does not meet the compliance requirements.
Our team of experts in cybersecurity, regulatory compliance, law, and risk management will help you meet all CRA requirements. Our services include a comprehensive approach to cybersecurity risk management and CRA compliance, including
Ensure your digital products are secure and fully compliant with regulatory requirements.
If you want to ensure that your products comply with CRA requirements, do not hesitate to contact us. We will conduct a gap analysis for you, prepare an action plan, and provide support during the implementation of requirements.
CRA approval by the European Parliament and the Council of the EU.
Official publication in the EU Official Journal.
Mandatory reporting of incidents and vulnerabilities will begin.
Full implementation of the CRA; all products must meet the requirements.