Cyber Resilience Act: Are your products ready?
Prepare for the CRA with Orbik and build compliant products throughout their lifecycle.
CRA Timeline
10 December 2024
CRA enters into force
11 September 2026
Vulnerability management reporting obligations start
11 December 2027
CRA full application. Mandatory for in-scope products
What the CRA expects from you
Secure-by-default products, no known exploitable vulnerabilities at launch.
Continuous vulnerability management and updates during support period.
Clear documentation, CE marking and conformity assessment where required.
Incident and vulnerability reporting to users and authorities.
How Orbik helps you with the CRA
Laboratory
Pre-testing and advanced security testing for connected products. Accredited testing for IEC 62443, CRA and related standards. Support for certification and CE marking.
Product
Automated security tests for your products. Centralized vulnerability and SBOM management. One place for CRA compliance evidence.
Compliance services
CRA GAP Analysis and initial risk assessment. Secure development and testing strategy (S-SDLC). Ongoing advisory, audits and compliance reviews.
Who is affected by the CRA?
Product Manufacturers
For companies developing products: full compliance and cybersecurity evaluation from design to launch.
System Integrators
For integrators and organizations operating with third-party products: assurance that all suppliers meet required standards and regulations.
Distributors
Distributing products in the supply chain: responsibility to verify regulatory compliance and pass on conformity information to customers.
Manufacturers define a category based on the criteria of the standard
Products that are not classified in any other class
Modules: A, B+C, H
Notified body: optional for Module B+C or H
Products with sensitive security or connectivity functions
Annex III. A, CRA, Annex I
Modules: B+C, H
Notified body: recommended for Module B+C
Products with higher criticality or greater potential impact
Annex III. B, CRA, Annex I
Modules: B+C, H
Notified body: mandatory
Products capable of causing serious disruptions to essential services
Annex IV CRA
Modules: H, B+C³
Notified body: mandatory
How much do you know about CRA?
Assess your CRA readiness
The Cyber Resilience Act (CRA) introduces new cybersecurity requirements for digital products in the EU.
Answer a few quick questions to see where your organization stands today and what kind of support would be most useful for you.
This is how Orbik helps you at every stage
Don't know where to start?
GAP Analysis to identify your compliance status
Support in generating SBOMs
During development
Technical controls implementation
Vulnerability management platform
Need validation
Cybersecurity testing
Automated compliance dashboard and security checks
Seek certification
Accredited audits and regulatory assessments
Centralized documentation and support
Need to monitor cybersecurity operations
Continuous vulnerability management
Support for regulatory notifications
Do you want to know more?
From GAP Analysis to certification, we are here to support you at every step. Reach out to start improving your product cybersecurity today.
