The Cyber Resilience Act (CRA) is the EU's new legislation aimed at improving the security of both hardware and software products. The regulation places demanding requirements on companies: they must be able to demonstrate exactly which components their products contain, how they handle vulnerabilities, and how quickly they can respond to security incidents.
Stricter requirements for transparency and vulnerability management
To comply with the CRA, companies must be able to:
- Map their components: have a clear overview of all parts of their software and supply chain.
- Handle vulnerabilities effectively: detect and address security flaws before they are exploited.
- Report incidents quickly: the CRA requires companies to act promptly during security incidents and to communicate risks without delay.
This is where a Software Bill of Materials (SBOM) plays a crucial role. By documenting all software components and their dependencies, an SBOM helps companies identify and address vulnerabilities, making it easier to comply with the CRA's requirements.
SBOM as a key component
With an SBOM, companies can:
- Meet transparency requirements by showing exactly which components are used.
- Secure the supply chain by requiring SBOMs from suppliers.
- Quickly address vulnerabilities by knowing exactly which parts of the product need updating.
- Streamline incident reporting by quickly identifying affected components during a security incident.
Preparing for CRA
For companies in the software industry, the CRA represents a significant change, but by building SBOMs into their security routines they can proactively meet the new requirements. Full oversight of their components and a clear strategy for vulnerability management are key both to complying with the legal requirements and to strengthening their cybersecurity.
More about CRA
In the video below, Olle E Johansson explains more about the CRA, its requirements and why SBOMs are so important.
Interested in more CRA-related videos? Here you can find a playlist with more of them.
Interested in training the board, management or the IT team? Contact us for more information about our training courses and workshops.