CRA - A Brief Overview

The Cyber Resilience Act (CRA) is an EU regulation (EU 2024/2847) that, for the first time, establishes uniform cybersecurity requirements for all products with digital elements, covering hardware and software that can connect to a network. The goal is to make these products more secure throughout their entire lifecycle.

Key Points:

  • Uniform EU Cybersecurity Standards: Binding requirements for all hardware and software on the EU market – secure-by-design and secure-by-default.
  • Vulnerability and Update Management: Manufacturers must manage vulnerabilities, provide updates, and inform users about risks.
  • Reporting and Documentation Obligations: Incidents and vulnerabilities must be reported within tight deadlines (in some cases 24 h); documentation and declarations of conformity are mandatory.
  • Market Surveillance and Penalties: Authorities can withdraw products from the market; fines of up to €15 million or 2.5% of annual turnover.

CRA Fast Track

condignum CRA Solution

"CRA Solution" means that companies do not need to build security, risk, and compliance capabilities internally, but receive them as a continuous, structured service. This turns information security into an ongoing process that is professionally managed and transparently governed.

Start

The starting point is the CRA Readiness Check.

Results

  • Report on the current status
  • List of open TODOs

Requirements

  • None

Process

  • 4-hour workshop for joint assessment with an accredited Quaste auditor on the condignum platform
  • Generation of the PDF report

Including

  • 3 months' access to the condignum Security Platform