The Cyber Resilience Act (CRA) is an EU regulation designed to make digital products more secure. As more devices and software become interconnected, they also become more vulnerable to cyberattacks. The CRA builds trust and protects both businesses and users.
Products that include software or are connected to the internet will soon need to meet the following requirements:
- Security by Design
Security must be considered from the very beginning of product development.
- Risk Management
Risks must be documented, assessed, and regularly reviewed.
- Mandatory Incident Reporting
Security breaches must be reported within 24 hours.
- Proof of Product Security
Security must be demonstrated through testing, certification, or technical documentation.
- Patch and Update Management
Vulnerabilities must be fixable via updates and patches throughout the product lifecycle.
- Technical Safeguards
Measures include authentication, access control, and secure boot.
CRA-Compliant Market Entry: Certified Products and Expert Knowledge
All new products must comply with CRA requirements by December 11, 2027. At Selectron, an interdisciplinary project team is already working to ensure full compliance. Our focus includes:
- Vulnerability Management
- Establishing a Product Security Incident Response Team (PSIRT)
- Update and Patch Management
Thanks to our Cybersecurity Competence Center within the Knorr-Bremse Group, we bring years of deep expertise to the table. Our customers can rely on our new MAS2xx product portfolio to deliver CRA-compliant, secure-by-design solutions with IEC IEC 62443-4-2 as well as 62443-4-2 SL-C2 certification.
The IEC 62443 standards form the foundation of our cybersecurity efforts. As of today, certain product families already meet the requirements of EU Regulation 2024/2847.