The European Cyber Resilience Act (CRA)

The new European Cyber Resilience Act (CRA) is currently being developed by the EU. The legislative process is still ongoing, with much left to be determined.

How can you prepare for this new legislation? Start by minimizing cyber risks now. We test, inspect, certify and train your organization, helping you improve your organization’s cyber resilience today.

What does the CRA mean for you?

The CRA ensures that digital products must meet strict cybersecurity requirements before being placed on the European market. Both consumers and business users need to trust that digital products - from digital doorbells to accounting software - are secure.

Responsibility lies with the manufacturer. Are you a manufacturer of digital products? You must ensure your products are secure. Additionally, you are required to provide free security updates throughout the product's lifetime and report any digital vulnerabilities or incidents to customers immediately.

What is the difference between the CRA and NIS2?

The CRA is expected to apply to all manufacturers, regardless of the size of your company. This is a broader approach compared to NIS2L (Network and Information Security Directive), which only applies to medium and large companies. Every product with digital elements that you want to bring to market in the EU will need to comply with this.

Stay updated on the CRA

The new European Cyber Resilience Act is still in development. Many details are yet to be finalized. Our experts will keep you informed about the latest updates.

Why Kiwa?

✓
One-stop-shop: services for OT, IT, and IoT under one roof
✓Independent, objective assessments
✓Expertise in laws and regulations
✓Proven quality in testing, inspection, certification and training
✓Forward-looking vision on cybersecurity

The latest news about cybersecurity

5 misconceptions about product legislation

Product legislation is quite a complex landscape. Especially if it is not your core business. In practice, we therefore often hear misunderstandings regarding product legislation. Read some common misconceptions in this article.
Read more
5 thoughts on how to start with cybersecurity not only for compliance reasons

Kiwa is of course known for being the independent party for testing and certification, but we support broader than that. In addition to compliance, we also find it important to think along with our customers' business continuity, which is why we think it is important to emphasize that you should not only focus on compliance, but also from a risk based perspective.
Read more
The importance of input validation in IoT security

Cybersecurity has been a passion of mine for years. My journey in this field began out of curiosity, leading me to specialize in web penetration testing. Since joining Kiwa, my focus has shifted to IoT security, with an emphasis on testing against standards like ETSI EN 303645. One topic that consistently fascinates me is input validation—an area where web penetration testing and IoT security assessments often intersect.
Read more

View all the news