Cyber Resilience Act
Ensure your products with digital elements meet CRA security requirements. From vulnerability management to software updates.
Start AssessmentProduct Classifications
The CRA classifies products with digital elements into categories based on their cybersecurity criticality.
Class I (Default)
Products with digital elements that do not fall into Class II.
Examples:
- Consumer electronics
- Smart home devices
- General software
Assessment: Self-assessment or third-party
Class II (Important)
Products that are important for cybersecurity.
Examples:
- Operating systems
- Network management
- Security software
- Industrial control
Assessment: Conformity assessment by notified body
Essential Requirements
Security by Design
Products must be designed with appropriate security measures built-in from the start.
Vulnerability Handling
Establish processes for identifying, documenting, and addressing vulnerabilities.
SBOM
Maintain a Software Bill of Materials documenting all components and dependencies.
Security Updates
Provide security updates for the expected product lifetime (minimum 5 years).
Documentation
Prepare technical documentation demonstrating compliance with essential requirements.
Implementation Timeline
CRA entered into force
Reporting obligations begin
Conformity assessment requirements apply
Full compliance required
Assess Your CRA Compliance
Our assessment helps identify gaps and provides actionable recommendations.
Start Assessment