CRA

Cyber Resilience Act

The EU regulation for cybersecurity of products with digital elements. Security requirements throughout the product lifecycle.

What is the CRA?

The Cyber Resilience Act is an EU regulation establishing cybersecurity requirements for products with digital elements placed on the EU market.

The regulation requires manufacturers to design products with security in mind, handle vulnerabilities throughout the product lifecycle, and provide security updates. It introduces mandatory conformity assessments and CE marking.

The CRA aims to reduce vulnerabilities in hardware and software products, making the EU digital ecosystem more secure.

Products in scope

  • Software applications and operating systems
  • Connected devices and IoT products
  • Industrial control systems
  • Smart home devices
  • Wearable technology
  • Network equipment
  • Hardware with digital elements
  • Remote data processing solutions

Key requirements

The CRA establishes essential cybersecurity requirements and vulnerability handling obligations for manufacturers.

  • Security by design principles
  • Vulnerability handling processes
  • Security update mechanisms
  • Secure default configurations
  • Data protection measures
  • Access control implementation
  • Incident reporting
  • Technical documentation
  • Conformity assessment
  • CE marking requirements
  • Software bill of materials (SBOM)
  • Lifecycle security support

Prepare for the CRA

Run the unified assessment and score CRA product security alongside ISO 27001 — product lifecycle controls mapped once, scored once.