Cookie consent(s)
We use cookies to personalize content and ads, provide social media features, and analyze traffic. This is done only with your explicit consent. By clicking "ACCEPT ALL," you agree to the processing and sharing of your data with our partners for social media, advertising, and analytics, including in third countries in accordance with Art. 49(1)(a) GDPR and Art. 17(1)(a) FADP (Switzerland). There is a risk that your data may be monitored by authorities without legal recourse. You can change or revoke your consents at any time in the data privacy settings .
Data protection declaration | Legal notices
Settings
Cyber Resilience Act (CRA)

Secure by Design, Resilient by Certification

Contact us

What is the Cyber Resilience Act?

Cyber Resilience Act (CRA) is the new regulation setting the cybersecurity requirements for products commercialized in the European Union (EU). This regulation marks a decisive step toward enhancing digital security and safety across Europe. It requires manufacturers to integrate security by design, manage vulnerabilities proactively, and provide transparent support throughout the product lifecycle.
As cyber threats grow more complex, the CRA sets the foundation for protecting users, strengthening trust, and shaping a resilient digital future.

Cyber Resilience Act Key Benefits

Is Your Product in Scope for CRA?

    • Hardware products: including components placed on the market (laptops, smart appliances, mobile phones, network equipment or CPUs), including their remote data processing.
    • Software products: including components placed on the market (operating systems, word processing, games or mobile apps, software libraries), including their remote data processing.

    How to Prepare for Cyber Resilience Act Compliance?

    CRA covers not only the product itself but spans the full lifecycle of the product including planning, design, development, production, delivery and maintenance with an emphasis on assessment of security risks and continuous monitoring and improvement.
    Understand the Cybersecurity Requirements
    • Product Requirements: according to Annex I, Part I of the regulation.
    • Risk Assessment & Secure Development Lifecycle: according to Annex I, Part I of the regulation.
    • Vulnerability Handling: according to Annex I, Part II of the regulation.
    Categorize the Product and Develop Necessary Documentation
    Complete the Conformity Assurance Procedure

    Our Services

    Training
    Tailored training and turnkey projects designed to support you in developing your Cyber Resilience Act Certification readiness strategy.
    Evaluation
    3rd Party Assessment and Certification
    EUCC Certification
    This conformity assessment must be finalized by December 2027 to ensure compliance with the CRA. However, please note that vulnerability reporting obligations start in September 2026.

    Empower Your Product Security with DEKRA

    DEKRA offers one of the most comprehensive portfolios in the industry, spanning Common Criteria, FIPS 140-3, ETSI EN 303 645, IEC 62443, MDSCERT, SESIP, EN 18031, and more.
    We have already supported hundreds of manufacturers in meeting EU requirements for RED Delegated Act . Now, we are ready to support you through CRA compliance with the same precision, reliability and independence.
    With DEKRA, you ensure product security, build market trust and stay ahead of regulation.