Call us Contact us SAV

What is Cyber resilience act ?

Le Cyber Resilience Act (CRA) est un règlement européen qui impose de nouvelles exigences de cybersécurité aux produits comportant des éléments numériques, qu’il s’agisse de matériels ou de logiciels.
Découvrir le CRA

The CRA directly concerns companies that select, integrate, or deploy IT equipment and industrial networks. The CRA particularly strengthens requirements related to security from the design stage, to vulnerability management, to support duration, to technical documentation, and to product tracking throughout their lifecycle.

Even though it primarily applies to products made available on the European market, its impact will be broader. It will progressively influence the choice of equipment, expectations towards suppliers, and documentation practices.

Discover below what the CRA entails, its stakes for industrial environments, and its influence on your future product choices.

Effective Date

December 10, 2024

Regulation is already active at the European level

Disclosure requirement

September 11, 2026

The obligation to report serious vulnerabilities and incidents comes into effect

All obligations

December 11, 2027

Complete application of all the rules of the CRA

The CRA at a glance

The Cyber Resilience Act aims to enhance the cybersecurity of products containing digital elements marketed within the European Union.

Specifically, it requires manufacturers to integrate cybersecurity from the product design stage and to consider it throughout its entire lifecycle. It should no longer be viewed as an added option afterwards.

These requirements are directly linked to compliance assessment, technical documentation, and CE marking necessary before the market launch of the affected products.

The CRA applies particularly to connected devices, embedded systems, communication gateways, industrial PCs, Panel PCs, routers, switches, and Edge platforms integrating software functions.

For companies that select and purchase these devices, this should translate into clearer security information, defined support durations, and better vulnerability support from manufacturers.

The CRA, a prerequisite for CE marking for digital products.

Which products are concerned?

The Cyber Resilience Act applies to most hardware and software products with digital elements marketed in the European Union. It concerns products whose intended or reasonably foreseeable use involves a direct or indirect connection to a device or network, whether logical or physical.

Industrial PCs, embedded computers, Panel PCs, Edge systems, industrial servers, single-board systems, and control platforms incorporating software functions.

Industrial Ethernet switches, routers, gateways, cellular routers, remote access solutions, and connected communication hardware.

Supervision software, SCADA platforms, control-command applications, equipment management software, remote maintenance solutions, configuration tools, industrial data management systems, and Edge or IoT platforms.

Which products are affected?

What should you remember for your activity?

The obligations to anticipate depend on your role in the value chain: product selection, integration, development, marketing under your own brand or launching on the European market.

In all cases, cybersecurity, support duration, technical documentation, and vulnerability management are increasingly important in the choice of equipment and project preparation.

Your company may notably need to:

  • identify products and projects requiring a cybersecurity risk assessment;
  • integrate the principles of security by design and security by default;
  • provide clear security information and usage instructions;
  • specify the product support duration and its end date;
  • organize vulnerability management and the deployment of security updates;
  • prepare technical documentation and elements of proof of compliance;
  • implement internal procedures for incident and vulnerability reporting.

How We Support You

Preparing for the requirements of the Cyber Resilience Act involves carefully assessing the security level of the solutions you select, integrate, and deploy. Integral System supports you in choosing IT and network solutions with solid security foundations from their design. The goal is to facilitate their integration into your projects and better anticipate future compliance requirements.

Choose the right computer equipment

As part of the Cyber Resilience Act, the choice of hardware and its manufacturer becomes essential. The integrated security features of the product, the duration of support, the availability of updates, and the manufacturer's ability to address vulnerabilities will have a direct impact on compliance and the sustainability of projects.

This vigilance concerns all stakeholders in the value chain: integrators, OEMs, machine builders, solution publishers, engineering firms, operators of industrial sites, or companies deploying connected equipment.

A high-performing piece of equipment from a technical standpoint is no longer sufficient. It is also necessary to verify the manufacturer's cybersecurity policy, their commitments regarding support, their vulnerability management procedures, and the documentation they will be able to provide.

That is why Integral System relies on recognized industrial partners, already engaged for several months in their preparation for the CRA. These manufacturers are particularly focused on securing their products, improving their development processes, managing updates, documenting compliance, and tracking vulnerabilities throughout the lifecycle.

CRA Readiness Level Report

Your CRA ready product

Submit a Linux image for free to the Exein Analyzer. From the generated summary report, our cybersecurity experts will help you decode the results. 

Integral System supports its clients in the selection of industrial PCs, Panel PCs, embedded systems, servers, gateways, routers, switches, and Edge platforms adapted to their technical, industrial, and regulatory constraints.

Our role is to help you to:

  • select manufacturers with a structured cybersecurity approach
  • identify the security functions necessary for your project
  • anticipate support durations and update conditions
  • obtain technical and security information available
  • limit risks associated with the integration of inadequately prepared products
  • build more sustainable and easier to maintain architectures

Choosing the right equipment and the right partners today helps reduce future adaptations and better prepares your projects for the CRA requirements.

Your quote

Your quote is empty.