Skip to main contentSkip to page footer
 

 |  Blog Blog

Back

Cyber Resilience Act - Software fit for the future

From 2027: No CRA, no market access. High time to make your software fit.

In our workshop, we get your software and processes on track now: hands-on, precise, sustainable.

The most important milestones at a glance:
- 2024: The Cyber Resilience Act (CRA) was adopted by the EU.
- 2025: The transition period is over. Companies must prepare.
- Mid-2026: Notification obligations apply from now on, this requires a PSIRT process.
- End of 2027: Without CRA conformity, no more CE labelling and therefore no market access for software-based products.


This is what it's all about:

With the CRA, the EU is defining comprehensive, binding safety requirements for digital products and software for the first time. Manufacturers are obliged to implement these requirements throughout the entire life cycle. From development to maintenance and support to dealing with vulnerabilities.
What sounds like a lot of effort at first glance can be implemented in a targeted and practical manner with the right approach.
We have developed a workshop in which we make your processes and software fit for the Cyber Resilience Act.
In the workshop, we analyse your development process together. We identify specific process gaps and derive concrete measures to gradually make your existing software and processes CRA-compliant.
You will gain an insight into relevant regulations and norms such as CRA, NIS2 and IEC 62443-4-1 - and above all into practical implementation. Whether secure architecture, tools for code reviews, PSIRT processes or employee training: We will show you what makes sense for your company, where you can start and how you can anchor security sustainably in your day-to-day development work.

What you can expect:

In a compact one-day workshop on site, we will take a practical look at secure software development in the context of CRA, NIS2 and IEC 62443-4-1. You will receive orientation, learn about the central principles of the software security lifecycle and analyse your development processes from a security perspective, including a gap analysis and specific recommendations. A few days later, we will go into more detail on open questions in an optional remote Q&A session.
Optionally, we can also support you with threat analyses, the use of security tools such as SAST or SCA and the integration of third-party components into a secure architecture.


Your benefit:

You gain clarity about the requirements of the CRA, receive an initial assessment of your current security situation and develop strategies to make processes future-proof and resilient.


Who is it for?

The workshop is aimed at anyone who develops software or is responsible for it. From development, architecture and project management to QA and management.

About the author

 

Ralf King is a security expert and head of our Cyber and Software Security Competence Centre. As a qualified software engineer, he has gained personal experience of the tasks and challenges in the various project phases, from software developer to project manager, while establishing the topic of software security at an early stage. Today, he and his security team support the project teams in every phase and take care of the security development lifecycle in accordance with IEC 62443-4-1.

Created by
Back