Skip to main content
Meet EU cybersecurity requirements for products with digital elements.
The EU Cyber Resilience Act (CRA) establishes cybersecurity requirements for products with digital elements placed on the EU market. It imposes obligations on manufacturers across the product lifecycle — secure design, vulnerability handling, and incident reporting — backed by CE marking.
The CRA applies to manufacturers, importers, and distributors of hardware and software products with digital elements sold in the EU.

Who needs EU Cyber Resilience Act?

Product manufacturers

Makers of connected hardware and software products sold in the EU.

Software vendors

Companies placing software products with digital elements on the EU market.

Key components

Secure by design

Cybersecurity built into products from the design phase.

Vulnerability handling

Processes to identify, document, and remediate vulnerabilities.

Incident reporting

Report actively exploited vulnerabilities and incidents to authorities.

CE marking

Conformity assessment and CE marking for compliant products.

How DSALTA helps with EU Cyber Resilience Act

1

Activate EU CRA

Select the EU Cyber Resilience Act from the Frameworks page. DSALTA maps requirements to controls.
2

Review product controls

Review secure design and vulnerability handling controls and assign owners.
3

Collect evidence automatically

Connect integrations to gather vulnerability and security evidence.
4

Approve policies

Review and approve secure development and disclosure policies.
5

Prepare conformity documentation

Organize evidence for conformity assessment and CE marking.

Frequently asked questions

Products with digital elements — connected hardware and software — placed on the EU market, with stricter rules for critical products.
Manufacturers must report actively exploited vulnerabilities and severe incidents to authorities within defined timelines.