Get CRA
ready

Streamline your Cyber Resilience Act requirements to better secure your product portfolio!
High-level CRA requirements
High-level CRA requirements

The Cyber Resilience Act (CRA) mandates cyber security requirements in products. This mix of governance and technical requirements covers the entire lifecycle of products in scope, and beyond (10 years!).

The CRA becomes applicable from 11th of September 2026, with full compliance required starting the 11th of December 2027.

cetome accompanies you

With cetome, easily navigate these obligations from initial design to long-term vulnerability reporting. Your products become:

Resilient to risks

We help you manage threats and risks throughout the product lifecycle.

Secure by design

We ensure you meet essential requirements before the first line of code.

Vulnerability-proof

We leverage SBOM and automate vulnerability management to proactively reduce your attack surface.

Market-accelerated

We help you achieve CE compliance for your product portfolio without delays.

Our services for CRA compliance

We designed our services to support you at every stage of your CRA compliance. We cover all product categories.

Gap Analysis

Evaluate the market-readiness of your products with CRA Essential Requirements to close structural gaps before it impacts your release timeline.

Benefit from this proactive approach to evaluate your products at an accessible price.

\r\n Evaluate the market-readiness of your products with CRA Essential Requirements to close structural gaps before it impacts your release timeline.\r\n\r\n Benefit from this proactive approach to evaluate your products at an accessible price.\r\n

Compliance roadmap

Optimise governance by defining key actions, milestones, and required resources to align technical execution with business objectives.

This actionable roadmap will consolidate your budget forecast.

\r\n Optimise governance by defining key actions, milestones, and required resources to align technical execution with business objectives.\r\n\r\n This actionable roadmap will consolidate your budget forecast.\r\n

Security-by-design

Integrate secure-by-design principles in your development process to better protect products throughout their lifecycle.

By leveraging this CRA requirement, you simplify your implementation of product cyber security.

\r\n Integrate secure-by-design principles in your development process to better protect products throughout their lifecycle.\r\n\r\n By leveraging this CRA requirement, you simplify your implementation of product cyber security.\r\n

Threat model for manufacturing

Identify threats and risks related to the production phase, covering both internal and external factories, to meet your mandatory CRA requirements.

Don’t miss out! You must demonstrate that your products are produced securely.

\r\n Identify threats and risks related to the production phase, covering both internal and external factories, to meet your mandatory CRA requirements.\r\n\r\n Don’t miss out! You must demonstrate that your products are produced securely.\r\n

Post-market requirements

Establish policies and processes to comply with your reporting obligations and leverage SBOM for automating vulnerability management.

Keeping products secure after release by managing cyber security issues will help you avoid crises and consolidate customer trust.

\r\n Establish policies and processes to comply with your reporting obligations and leverage SBOM for automating vulnerability management.\r\n\r\n Keeping products secure after release by managing cyber security issues will help you avoid crises and consolidate customer trust. \r\n

Secure period definition

Apply a repeatable framework to define and justify the support period for your connected products.

The duration of the secure period will drive your product maintenance strategy.
Note: the CRA requires a 5-year support period at minimum, except when dully justified.

\r\n Apply a repeatable framework to define and justify the support period for your connected products.\r\n\r\n The duration of the secure period will drive your product maintenance strategy.\r\n Note: the CRA requires a 5-year support period at minimum, except when dully justified.\r\n\r\n

Work together

Contact Us