The EU Cyber Resilience Act Explained: Scope, Standards, and What to Do Now

The EU Cyber Resilience Act (CRA) is the most significant product cybersecurity regulation in history. Given the vast scope of this new law, it will fundamentally change how hardware and software are sold in Europe.

Hundreds of thousands of companies will need to conform, and for many, this will be the first time they are legally required to integrate cybersecurity into their product lifecycle.

Does this apply to you? If you sell consumer, communications, industrial, or semiconductor products, software or hardware, with a data connection in the EU, the answer is yes.

Crucially, this applies to all connected products in your portfolio regardless of when they were originally designed or introduced.

The stakes are high. Non-compliance carries penalties of up to €15 million or 2.5% of global annual turnover, whichever is higher. Yet, a 2025 Linux Foundation report revealed that 62% of respondents still have low familiarity with the CRA’s technical demands.

Join us to close that gap. We will cut through the legal jargon and provide a practical roadmap for conformity. In this webinar, we will cover:

• The milestones and deadlines
  
• Scope & Classification: How to determine if your product is Class I, Class II, Critical or Default.
  
• The Standards: Which cybersecurity standards (like IEC 62443 or ETSI 303 645) can help support compliance.
  
• Steps an organization needs to take.
  
• The To-Do List: Immediate steps for "Security-by-Design" and vulnerability handling.
  
• The latest updates from the EU Commission.
  
• Solutions: Tools and services for EU CRA conformity, security-by-design, and lifecycle management.

Sponsored by: