Cyber Resilience Act (CRA) Compliance

How to reach compliance with the EU Cyber Resilience Act: our experts can help you.

> IoT | Testing & Certification > Cyber Resilience Act Compliance

Reach full compliance with the Cyber Resilience Act

The Cyber Resilience Act (CRA) is new EU cybersecurity legislation, designed to make sure products with digital elements are developed more securely, ultimately protecting consumers all over Europe. The Cyber Resilience Act covers all products with digital elements which are directly or indirectly, logically, or physically connected to a device or network. It will come into force in the EU in 2024. Are you a product manufacturer? We can help you reach full CRA compliance.

Do you need more information on the Cyber Reslience Act? Download your copy of our free Practical Guide to CRA.

This practical guide to the Cyber Resilience Act helps you take the first steps on your compliance journey.


The word ‘critical’ is mentioned 52 times in the CRA text: the regulation prioritizes raising the cybersecurity of products that are vital to society.

Important and critical products

The Cyber Resilience Act does not exist in a vacuum. This act will complement the EU NIS2 Directive: improving the cybersecurity of products that have digital features will help companies follow the rules of the NIS2 Directive and strengthen the security of the whole supply chain. The regulation distinguishes between important products (divided into Class I and Class II) and critical products, which pose the highest risk. The main particularity for the products belonging to the special categories is that they have to undergo stricter conformity assessments than most products.

Quote by

Raluca Viziteu

Security Consultant


The Cyber Resilience Act marks the first-ever EU-wide legislation of its kind, mandating cybersecurity requirements for both hardware and software products throughout their entire life cycle.

Our CRA Services


CRA Presentation

What does the CRA mean for your organization? It takes a lot of time to master the details of this cybersecurity act. You can invite one of our experts to conduct a presentation on this subject. You will gain a thorough understanding of the ins and outs of the CRA. For instance, we can explain the different conformity assessments and which rules apply to your particular product.


Gap Assessment and Certification Support

How do you determine which measures you need to implement to reach CRA compliance? We can help you with this. We have extensive experience in Gap Assessments and Certification for IEC 62443, ISO 27001/2 and we are a recognized Common Criteria laboratory. Thus, we can also support with Common Criteria/EU CC consultancy and certification.


CRA Implementation Support

After we identify potential gaps between your current security measures and the requirements of the CRA, we can provide consultancy services to solve them and help you become CRA compliant.

Contact me about the Cyber Resilience Act

Do you want to know more about how we can help you reach CRA compliance? Fill out the form and we contact within one business day.



Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.