Cyber Resilience Act


EU's new cybersecurity rules for connected devices

Companies must navigate the complexities of implementing and maintaining comprehensive cybersecurity measures across the entire lifecycle of hardware and software products to meet the requirements set out in the Cyber Resilience Act.
And the time until implementation is short.

What are the main topics?

A crucial aspect of the act is ensuring cybersecurity throughout a product’s lifecycle, including defining a support period and providing security updates during that time. Economic operators involved in the supply chain, from manufacturers to distributors, have obligations tailored to their roles.

  • Cybersecurity has to be included in the planning, design, development, production, delivery, and maintenance process.

  • Conformity assessment – differentiated by level of risk

  • Manufacturers must actively report exploited vulnerabilities and incidents

  • Once a product is sold, you have to make sure that vulnerabilities are fixed for the expected product lifetime or for a timeframe of 5 years (whichever is shorter)

  • Clear and understandable instructions for use of products with digital elements have to be available

  • Security updates must be available for at least 5 years

How can asvin help to implement the requirements from the Cyber Resilience Act (CRA)?

Software lifecycle management

Device Security Booster™
Fulfill the regulatory requirements for implementing security by design on connected devices, for cybersecurity management, and for serving patches and updates.

Regulatory Guidance

Professional Services
Get guidance on the setup of cybersecurity management systems and ensure that the implementation of asvin’s products proceeds quickly, runs smoothly and remains compliant with regulations for a long time.

Risk Management and Vulnerability

Risk by Context™
Gain a comprehensive understanding of your company’s OT cyber risks and their interconnectedness to prioritize cybersecurity investments and mitigation efforts.

What is the Cyber Resilience Act (CRA) about?

The Cyber Resilience Act (CRA) developed by the EU Commission defines standards for the cyber security of connected devices and thus improves the cyber security of products. It does not matter whether the products are connected to the Internet, communicate with each other or via internal interfaces. The CRA applies not only to finished end products, but also to all preliminary products and components, in other words, to all components of the hardware supply chain.
The Cyber Resilience Act (CRA) regulations apply not only to manufacturers of products with digital elements, but also to distributors and importers.

What measures need to be implemented?

The Cyber Resilience Act requires the establishment of risk-appropriate cybersecurity measures for affected products in the design, development and production phases, as well as during marketing and use.
The types of actions vary depending on criticality.

While around 90% of the affected products can be checked in a self-assessment, a third-party assessment should be carried out for Critical Class I devices and must be carried out for Critical Class II devices.

Quickcheck Cyber Resilience Act [CRA] –
Are you affected?

Take 2 minutes to find out if you, as a manufacturer or distributor, are affected by the Cyber Resilience Act regulations.

What positive outcomes will the Cyber Resilience Act lead to?

  • Ensure that products with digital elements placed on the EU market have fewer vulnerabilities

  • Ensure that manufacturers remain responsible for cybersecurity throughout a product’s life cycle

  • Improve transparency on security of hardware and software products

  • Better protection for business users and consumers

CRA Readiness
In-house Workshop

Kick-start your implementation today. To support you in planning and implementing the necessary measures and to anchor the topic of the Cyber Resilience Act in your company, we have developed an in-house workshop for you that will prepare you optimally.

Our workshop offer is primarily aimed at German-speaking companies and therefore takes place in German. If your company language is English, please contact us.