EU Cyber Resiliance Act (CRA)

CRA Compliance Services

CRA Training Sessions

Fixed training sessions on CRA requirements

Recommended for manufacturers that need an overview of the CRA and how this new regulation will impact their products

Understand how CRA will affect your business

CRA Readiness Assessment

Identify your gaps and build a roadmap to Cyber Resilience Act compliance.

Recommended for companies with products likely affected by CRA, especially in the Default category, and limited experience in cybersecurity requirements like vulnerability or incident reporting.

Check your CRA readiness with a Gap Analysis.

Cyber Resilience Applus+ Mark

Fixed-time cyber evaluation for CRA confidence.

Recommended for vendors in the Default category or in the Important Class I, opting for a voluntary third-party assurance over self-assessment.

Evaluate your cyberresilience maturity and get a Certification Mark

EUCC Conformity Assessment

Meet CRA’s highest standards with EUCC-based third-party conformity assessment.

Recommended for manufacturers of Important and Critical category products requiring mandatory third-party certification.

Achieve CRA compliance with EUCC certification

CRA essential requirements and roads to compliance

The Cyber Resilience Act (CRA) is a European regulation that introduces mandatory cybersecurity requirements for products with digital elements placed on the EU market. It applies to manufacturers, importers, and distributors of connected devices, software, and systems that may impact digital infrastructure.

CRA compliance involves risk management, vulnerability handling, incident reporting, and conformity documentation. Depending on the product category—Default, Important, or Critical—companies must meet different levels of assurance, ranging from self-assessment to third-party certification.

Although the regulation is not yet mandatory, its implementation is approaching fast: some obligations will become enforceable in 2026, with the full framework expected to be mandatory by 2027. An early understanding of the CRA and its requirements is essential to avoid delays and ensure market access.

CRA Obligations for Manufacturers (premarket)
CRA Reporting Obligations (aftermarket)

Applus+ Laboratories provides tailored support for companies at every stage of CRA readiness, with solutions adapted to the compliance requirements of each product category

CRA Timeline

Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.

Cookie settings panel

Essential cookies

They allow the operation of the website, loading media content and its security. See the cookies we store in our Cookies Policy.

Always active
Analytics cookies

They allow us to know how you interact with the website, the number of visits in the different sections and to create statistics to improve our business practices. See the cookies we store in our Cookies Policy.
Advertising cookies

Based on your behavior on the website (where you click, how long you browse, etc.) we establish parameters and a profile for you to display ads that correspond to your interests. See the cookies we store in our Cookies Policy.