Cyber Resilience Act

The Cyber Resilience Act (CRA) is a groundbreaking EU regulation designed to bolster the cybersecurity of digital products across the entire supply chain. It ensures that products with digital elements are secure by design, protecting consumers and businesses from growing cyber threats. The CRA sets mandatory cybersecurity requirements for manufacturers, importers, and distributors, fostering a more secure digital ecosystem across the European market and establishing clear responsibilities for each actor.

The Cyber Resilience Act demands a comprehensive and knowledgeable approach from all economic operators. We provide the expertise to guide manufacturers, importers, and distributors through every step.

Who will be affected

The Cyber Resilience Act (CRA) impacts all manufacturers, importers, and distributors of products with digital elements that are placed or made available on the EU market. This broad scope includes a vast range of hardware and software products, from consumer devices to industrial equipment. Whether your company is a manufacturer creating digital products, an importer bringing them into the EU, or a distributor making them available to end-users within the EU, the CRA applies to you. This includes companies based both within and outside the EU if they participate in the EU digital product supply chain.

When will it apply

The Cyber Resilience Act was adopted in October 2024 and became effective on December 11, 2024. The main portion of the regulation will apply from December 2027, providing a transition period for businesses to adapt to the new requirements.

However, companies must start reporting incidents and vulnerabilities to designated bodies from September 2026. It’s crucial for manufacturers, importers, and distributors to begin preparing now to ensure timely compliance across all their operations.

Why should you comply

Non-compliance with the Cyber Resilience Act can result in significant financial penalties for manufacturers, importers, and distributors, including fines up to 15 million Euro or 2.5% of your total worldwide annual turnover, whichever is higher. Beyond financial repercussions, non-compliance can damage your reputation, erode customer trust, disrupt supply chains, and leave your products and customers vulnerable to cyber threats. Compliance is not just a legal obligation for each actor in the supply chain; it’s a strategic imperative for building a secure and sustainable business in the digital age and maintaining access to the EU market.

Discover your CRA readiness

Is your organization and your supply chain prepared for the Cyber Resilience Act? Understanding your current cybersecurity posture and that of your partners is the first step towards comprehensive compliance. Contact us for a tailored assessment to identify your gaps and chart a clear path to CRA readiness for manufacturers, importers, and distributors.

Effects of new regulation

Regulation (EU) 2024/2847 (CRA) introduces comprehensive cybersecurity requirements for digital products across the EU, impacting manufacturers, importers, and distributors. This regulation goes beyond previous directives by directly targeting product security and placing specific obligations on each economic operator throughout the product lifecycle and supply chain. The CRA aims to create a level playing field, enhance consumer trust, and drive innovation in secure digital technologies, with shared responsibility across the supply chain.

We’ve outlined the key impact areas and requirements for manufacturers, importers, and distributors below:

Future proof solutions

We offer comprehensive support to guide manufacturers, importers, and distributors through every phase of CRA compliance, from initial supply chain assessments to tailored implementation strategies and ongoing maintenance. Our services are designed to be practical, efficient, and customized to the specific roles and needs of each economic operator in the digital product ecosystem.

Credit Institution & Asset Manager

Supporting a client in carrying out a DORA gap analysis from the perspective of the company’s IT by locating the responsibilities and mapping the new requirements to the existing IT governance. Documented gaps and action recommendations were provided, with efforts and timelines jointly defined. A thorough, cross-functional impact analysis was key to ensuring a smooth implementation. The project is now in rollout, and we continue to support the IT team as the affected first-line department.

Insurance Company

Currently assisting an insurance client with DORA compliance, starting with an awareness session for the Board and IT Management. Carried out an impact assessment of the (expected) effects in relation to the requirements already implemented, and delivered a DORA implementation concept. A key success factor was establishing cross-divisional central coordination to manage the cross-departmental scope effectively.

Automotive Finance Service Provider

Supporting a leasing company by determining the applicability of DORA against the background of the Financial Market Stabilization Act in Germany, which has yet to be passed. Conducted a gap analysis against current regulations (MaRisk / BAIT) and the new implementation requirements. The success factor is a careful and comprehensive impact analysis, especially since the customer has branches in various European and non-European countries.

Get Inspired

Do you want to delve deeper into the Cyber Resilience Act and understand its implications for your role in the supply chain? Explore our whitepaper and other resources created by our cybersecurity experts.