
CRA: who is responsible for vulnerabilities and SBOM
Which obligations regarding vulnerability handling and SBOM apply to manufacturers, importers and distributors under the CRA? Explained with a machine building example and an illustration.

CRA implementation act makes BSI central market surveillance authority
The CRA implementation act designates the BSI as the market surveillance and notifying authority for the Cyber Resilience Regulation in Germany. Exactly this point is

Harmonized standards for the CRA: EN 40000, ETSI and EN 50770
Overview of the EN 40000 series, ETSI EN 304 6xx and EN 50770: structure, status and what they mean for manufacturers under the Cyber Resilience

EU publishes answers to frequently asked questions on the CRA
First official FAQ document on the CRA is now available. The European Commission clarifies key questions on scope, manufacturer obligations and implementation across 66 pages.

The Cyber Resilience Act deadlines at a glance
The Cyber Resilience Act (CRA) is now official. All key deadlines, requirements and action areas for companies at a glance. What does the CRA mean

What is the Cloud and AI Development Act?
The Cloud and AI Development Act aims to strengthen Europe’s cloud and AI ecosystem. Overview of Union Assurance Levels, procurement obligations and timetable. Why did

Maritime cybersecurity: IACS UR E26 & E27 explained
Basics of maritime cybersecurity and an analysis of the IACS UR E26 and E27 standards, including how they fit into the EU legal framework. The

NIS 2, CRA and CSA explained
Overview of NIS 2, the Cyber Resilience Act (CRA) and the Cybersecurity Act (CSA). Covers the scopes, objectives and connections between the EU’s main cyber

IEC 62443 security level explained – implementation guide
Learn everything about the security levels for systems and components in IEC 62443, from basics to implementation for manufacturers. Security levels (SL) in IEC 62443

CRA & SBOM: what tools cannot detect
SBOM scanners only detect known components, while firmware in purchased parts often remains invisible. The CRA, however, requires a complete documented list of components. What

TARA, threat model and risk assessment compared
Terms around risks, threats and threat analysis cause confusion. This overview shows what the CRA, IEC 62443 and EN 40000 require. Key points in brief

MDR cybersecurity reporting obligations — EU closes CRA gap
The EU proposal COM(2025) 1023 introduces CRA-like reporting obligations for cybersecurity of medical devices and IVDs, requiring reporting via Eudamed to member-state CSIRTs and ENISA.

RED Delegated Act repeal and transition to CRA 2027
The repeal of Regulation 2022/30 marks the transition from the RED Delegated Act to the CRA. The RED Delegated Act remains applicable until 11 December

Penetration tests for mechanical engineering
How targeted penetration tests secure industrial systems. Methods, requirements and best practices for machine builders, including CRA, IEC 62443 and safety aspects. Contents Attacks on

How the new EU Machinery Regulation makes cybersecurity a safety requirement
The EU Machinery Regulation (EU) 2023/1230 replaces the Machinery Directive on 20 January 2027, making cybersecurity a legal safety requirement for machinery for the first time.