Cyber Resilience Act (CRA): Our Position & Preparation

Cyber Resilience Act (CRA):

Our Position & Preparation

We support the objectives of the European Cyber Resilience Act (CRA): strengthening the cybersecurity of digital products and protecting users throughout their life cycle. We are actively preparing for the legislation by integrating security from design, strengthening the software supply chain and aligning our processes with international standards.

What the CRA Means.

The CRA imposes mandatory cybersecurity requirements on all products with digital elements-both hardware and software-that are placed on the EU market. The law applies for the entire life of the product: from design to end of use.
Key components include:

  • Mandatory security requirements for manufacturers
  • Quick and transparent vulnerability treatment
  • Increased responsibility in the digital chain
  • CE marking and conformity assessments for high-risk products

Our Position

We support the premise that cybersecurity should be a standard product feature. Digital security is essential for trust-and we are already taking steps to comply.

Our Preparation

  1. Security by Design
    – Security is integrated from the start of product development
    – Risk-based design and threat modeling are standard
  2. Secure Development Processes
    – We follow the secure development framework according to IEC 62443-4-1
    – Security measures are tested and documented
  3. Vulnerability management
    – We have processes for identifying, reporting and resolving vulnerabilities
    – We employ responsible disclosure and incident management
  4. Software Supply Chain
    – We review third parties and maintain Software Bill of Materials (SBOM) at
    – Updates and patches are applied in a timely manner
  5. Compliance Preparation
    – We map CRA obligations by product line
    – High-risk products are prepared for conformity assessment
    – We train internal teams and review legal implications

Looking Ahead

The Cyber Resilience Act places higher demands on digital products-rightly so. We are prepared. Our focus is on secure design, active management and responsible maintenance. Because cybersecurity does not stop at delivery.
The CRA encourages better products, more trust and a more secure digital Europe. That is what we contribute to.

The Cyber Resilience Act (CRA) is a legislative proposal by the European Union, introduced by the European Commission on September 15, 2022. It aims to enhance the digital security of products with software and connected devices (such as Internet of Things devices). The proposal arises from growing concerns about cyber threats and the lack of consistency in the security of digital products within the EU.

The law applies to all physical and digital products with a software component that can be connected to the internet. This includes, among others:

  • Internet of Things devices (such as smart thermostats, cameras, and household appliances).
  • Software such as applications and operating systems.
  • Hardware with embedded software, such as medical devices or industrial machines.

For companies, the Cyber Resilience Act means they must review their development and production processes to comply with the new regulations. This may require significant investments and operational changes, but it also offers opportunities to enhance the reliability of their products and gain a competitive advantage.

For more information about the Cyber Resilience Act, click here.