Cyber Resilience Act (CRA): Our Position & Preparation

Cyber Resilience Act (CRA): Our Position & Preparation

We support the objectives of the European Cyber Resilience Act (CRA): strengthening the cybersecurity of digital products and protecting users throughout their life cycle. We are actively preparing for the legislation by integrating security from design, strengthening the software supply chain and aligning our processes with international standards.

What the CRA Means.

The CRA imposes mandatory cybersecurity requirements on all products with digital elements—both hardware and software—introduced to the EU market. The law applies throughout the entire product lifecycle: from design to end of use.
Key components include:

  • Mandatory security requirements for manufacturers
  • Quick and transparent vulnerability treatment
  • Increased responsibility in the digital chain
  • CE marking and conformity assessments for high-risk products

Our Position

We support the premise that cybersecurity should be a standard product feature. Digital security is essential for trust-and we are already taking steps to comply.

Our Preparation

  1. Security by Design
    – Security is integrated from the start of product development
    – Risk-based design and threat modeling are standard
  2. Secure Development Processes
    – We follow the secure development framework according to IEC 62443-4-1
    – Security measures are tested and documented
  3. Vulnerability Management
    – We have processes for detecting, reporting, and resolving vulnerabilities
    – We adhere to responsible disclosure and incident management
  4. Software Supply Chain
    – We assess third parties and maintain a Software Bill of Materials (SBOM)
    – Updates and patches are applied in a timely manner
  5. Compliance Preparation
    – We map CRA obligations per product line
    – High-risk products are prepared for conformity assessment
    – We train internal teams and assess legal implications

Looking Ahead

The Cyber Resilience Act sets higher standards for digital products—rightfully so. We are prepared. Our focus is on secure design, active management, and responsible maintenance. Because cybersecurity does not end at delivery.
The CRA promotes better products, more trust, and a safer digital Europe. We contribute to that.

The Cyber Resilience Act (CRA) is a legislative proposal by the European Union, introduced by the European Commission on September 15, 2022. It aims to enhance the digital security of products with software and connected devices (such as Internet of Things devices). The proposal arises from growing concerns about cyber threats and the lack of consistency in the security of digital products within the EU.

The law applies to all physical and digital products with a software component that can be connected to the internet. This includes, among others:

  • Internet of Things devices (such as smart thermostats, cameras, and household appliances).
  • Software such as applications and operating systems.
  • Hardware with embedded software, such as medical devices or industrial machines.

For companies, the Cyber Resilience Act means they must review their development and production processes to comply with the new regulations. This may require significant investments and operational changes, but it also offers opportunities to enhance the reliability of their products and gain a competitive advantage.

For more information about the Cyber Resilience Act, click here