White Paper
EU Cyber Resilience Act Compliance Guide
Learn more about the EU Cyber Resilience Act (CRA) and what manufacturers of products with digital elements must do to comply.
The EU Cyber Resilience Act makes cybersecurity a condition of market access for any product with digital elements sold in the EU. Reporting obligations begin in September 2026, with full compliance required by December 2027, and penalties reach up to €15M or 2.5% of global revenue.
In this compliance guide, you'll learn:
- Who and what is in scope: The CRA applies to any manufacturer placing connected products on the EU market, from IoT devices to industrial equipment, with exceptions for sectors like medical devices and automotive already covered by their own regulations.
- What the regulation requires: The guide breaks down the 22 essential requirements of Annex I, covering secure design, vulnerability management, and the technical documentation needed for conformity assessment and CE marking.
- How Ketryx supports CRA compliance: Ketryx serves as the system of record for requirements, risks, tests, SBOMs, and approvals, keeping conformity evidence traced to the regulation and audit-ready across the product lifecycle.
Get the
White Paper