cyber ​​resilience act: the countdown has begun, are you ready for the cra?

  • Home
    •  / 
  • Our news
    •  / 
  • Company
    •  / 
  • Cyber ​​Resilience Act: the countdown has begun, are you ready for the CRA?

A few days ago, we spoke at Industrie Time about the Cyber ​​Resilience Act (CRA).

Discussions with participants confirmed what we are seeing on the ground: the topic is generating significant interest, yet many companies still do not know where to start.

This is no coincidence.

The CRA has been in force since December 11, 2024, and represents a true paradigm shift for all manufacturers, importers, and distributors of products with digital components (software, hardware, connected devices, etc.): cybersecurity is no longer optional; it is a legal obligation that must be integrated from the design stage and maintained throughout the product lifecycle.

What this means in practical terms:

Security by design
Active vulnerability management throughout the lifecycle
Full transparency with your users
Compliance across your entire supply chain

Key deadlines to remember:

December 11, 2024: CRA enters into force
September 11, 2026: First critical deadline – mandatory vulnerability reporting
December 11, 2027: Full applicability of the regulation

And what happens in the event of non-compliance? Fines of up to €15 million or 2.5% of total worldwide annual turnover (whichever is higher), plus a ban on accessing the European market.

The good news? There is still time to act.

The bad news? Every passing month reduces your room for maneuver.

Our approach at Médiane Système:

Compliance audit: identifying gaps relative to CRA requirements
Transformation: adapting your development processes and supply chain
Achieving compliance: documentation, testing, and declarations of conformity

Our experts, based across five European offices, cover the entire value chain, from product design to post-market vulnerability management, leveraging our expertise in cybersecurity, industrial networks, embedded systems, and software.

If you haven’t yet assessed the impact of the CRA on your products, now is the time.

First step: Have one of your products audited.

We identify gaps and propose a prioritized action plan.

Shall we discuss it?