As of 11 December 2027, the CRA will become a mandatory certification.
Are you a manufacturer of products with digital components that can connect to a device or a network? Are your products offered within the EU market and therefore subject to the Cyber Resilience Act (CRA)? Get familiar with the latest CRA developments—stay informed, stay compliant.
Since the Cyber Resilience Act came into effect on 11 December 2024, several activities has been undertaken by the European standardization organizations. This year, on 3 April, the Standardization Request for the Cyber Resilience Act was officially accepted by CEN, CENELEC and ETSI, with a commitment to deliver harmonized standards ahead of the regulatory deadlines (which is at least one year before the CRA enters into application).
Learn more about the technical descriptions feedback, the CRA expert group and guidance on CRA interpretation as well as the interplays between the CRA-EUCC and CRA-RED by reading the full article.
Keep in mind the CRA compliance deadlines:
🔸 11 September 2026: manufacturers must comply with vulnerability reporting requirements
🔸 11 December 2027: CRA becomes a mandatory certification
Although companies affected by the CRA still have 27 months to fully comply with the new cybersecurity requirements, don't wait any longer—take action today!
Prepare for the CRA with Brightsight
CRA is more than just a regulatory requirement – it is an opportunity to strengthen security, build trust and differentiate your products.
Do you need assurance that you product is resilient to cyber threats? Or do you want to become a key differentiator in the marketplace? Certification will certainly give you a competitive advantage. Start your product certification journey with Brightsight.
Our CRA services include:
General CRA framework workshop (2 hours)
Gain a foundational understanding of the European Union’s Cyber Resilience Act (CRA) through our comprehensive introductory workshop.
This session provides a clear overview of the regulation’s timelines, scope and key content. Participants will gain insights into the essential requirements and the strategic implications for their organization.
Product-specific CRA workshop with regulatory focus (4-6 hours)
Building upon the general CRA framework, this in-depth workshop delves into the specific implications of the CRA for your organization’s product(s).
Gain a full understanding of the CRA requirements that are already covered by the product-related standards and the CRA requirements that require further product-specific assessment.
This session includes the core content of the general workshop, augmented by 2-4 hours dedicated to:
- Your product focus: A detailed analysis of how the CRA applies to your specific product(s).
- Standard mapping relevant for European and international product standards (for example: PCI, Common Criteria, GBIC, RED) against the specific requirements of the CRA.
- GAP analysis: Identifying potential gaps between the existing product standards and the mandatory requirements of the CRA.
Product-specific CRA gap assessment
Utilize our expertise to thoroughly assess your product(s) gaps against the CRA requirements.
This service contains a review of your existing documentation and processes against the CRA requirements in order to identify any discrepancies or gaps. It also includes a risk analysis review.
As output, our gap assessment offers actionable insights for remediation, helping you determine which CRA requirements your product conforms to and which ones it fails, and so needs improvement.
CRA support
Following the gap assessment, we can provide additional guidance to help you close the identified gaps and achieve CRA compliance.
CRA-ready certification
Upon a successful completion of the product-specific GAP assessment and after a closure of identified gaps, we offer a “CRA-ready” certificate.
This certification reflects the current status of your product’s alignment with the CRA essential requirements.
The findings from our gap assessment may also be leveraged during future conformity assessments with Notified Conformity Assessment Bodies (CABs), streamlining your product’s certification process.
Everything you need to know about the Cyber Resilience Act
Together, we need to reduce the risk that hackers can compromise the security of a connected device.
Subscribe to the Brightsight newsletter, and we will send you our latest publication detailing what you need to know about the Cyber Resilience Act and how we can help you achieve compliance.
