CRA implementation made easy

How existing standards can be used to fulfill the Cyber Resilience Act (CRA) in practice.

Description

The presentation shows how the IEC 62443 standard can be used to meet the requirements of the Cyber Resilience Act (CRA) in practice.

Manufacturers are confronted with the requirements of the Cyber Resilience Act (CRA), which came into force in November 2024. The requirements of the CRA must be met by all manufacturers for their products with digital elements (i.e. with a direct or indirect logical or physical data connection to networks or devices) by December 2027 if they are placed on the EU market. The good news is that manufacturers who develop products in accordance with the IEC 62443-4-1 or IEC 62443-4-2 standard are compliant with a whole range of CRA requirements. The presentation uses several practical examples to show how IEC 62443-4-1 and IEC 62443-4-2 already fulfill the requirements for product properties or requirements for the development process (product life cycle) of the CRA.

Why the committee chose this talk

The increasing pressure of EU IT regulations has to be weighted against the cost of compliance.