EU CRA Cyber Resilience Act – Basics and Implementation
For more digital security in the EU
The EU's Cyber Resilience Act (CRA) introduces new binding requirements for the cybersecurity of products with digital elements. This training provides practical knowledge about the legal requirements, the affected product groups and the necessary measures for implementation. Participants will learn how to make their products CRA-compliant and which processes are relevant for manufacturers, importers and distributors. The course offers a well-founded introduction to the regulatory requirements and shows how companies can successfully implement the CE marking according to CRA.
You will learn:
- The CRA’s scope, key dates, and obligations for manufacturers.
- Requirements for product security, vulnerability management, and technical documentation.
- Reporting obligations for security incidents and vulnerabilities.
- Practical implementation strategies using international standards such as ISO/IEC 27001, 27002, 27005, 27034, and 27035, as well as guidelines from BSI and NIST.
By the end of the training, you will be equipped to prepare your organization for CRA compliance, maintain market access, and mitigate risks of sanctions and fines.
Is your company already familiar with the CRA and the deadlines associated with it?
- 10 Dec 2024: CRA enters into force
- 11 Jun 2026: Conformity assessment requirements begin
- 11 Sep 2026: Reporting obligations for vulnerabilities and incidents start
- 11 Dec 2027: Full CRA applicability for new products
This training is intended for:
- Specialists and executives in product development, quality management, regulatory affairs, and IT security.
- Manufacturers, importers and distributors of digital products sold in the EU.
Content – Day 1
- Introduction: Target groups, prerequisites and goals of the CRA
- Legal basis and classification of the CRA in the context of other EU requirements (e.g. NIS-2, AI-Act)
- Scope: Stakeholders and product groups
- Basic cybersecurity requirements according to CRA
- Obligations for manufacturers: design, development, risk assessment, technical documentation
- Vulnerability management and software bill of materials (SBOM)
Content – Day 2
- Obligations for importers, distributors, authorised representatives and other actors
- Conformity assessment and CE marking
- Cooperation at European level, in particular under NIS-2
- Application of national and international standards (e.g. BSI, ISO/IEC 27001, 27034, 27035)
- Practical implementation in the company: processes, security tests, incident management
- Summary, final discussion and clarification of open questions
The EU Cyber Resilience Act (CRA) is a landmark regulation designed to strengthen cybersecurity for products with digital elements across the European Union. It imposes strict requirements on manufacturers, including secure product design, vulnerability handling, and mandatory reporting of security incidents. This course offers a comprehensive overview of the CRA, its legal context within EU regulations, and its practical implications for businesses.
Participants will explore the CRA’s scope, key dates, and obligations for manufacturers, including conformity assessment, technical documentation, and security update processes. Special attention is given to reporting obligations under Article 14 and the measures required to maintain compliance with the state of the art.
Beyond theory, the training focuses on practical implementation strategies. You will learn how to integrate cybersecurity requirements into product development and organizational processes using internationally recognized standards such as ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27005, ISO/IEC 27034, and ISO/IEC 27035, as well as guidelines from BSI and NIST.
By completing this course, you will gain the knowledge and tools needed to ensure your products meet CRA requirements, safeguard your organization against penalties, and maintain a competitive edge in the European market. A certificate of participation from TÜV SÜD Academy will be awarded upon completion.
Understand the essentials of the EU Cyber Resilience Act (CRA) and learn how to implement its requirements effectively. This training is designed for manufacturers of products with digital elements that fall under the scope of the CRA. Gain clarity on legal obligations, reporting requirements, and practical measures to ensure compliance and avoid penalties.
- Overview of the contents and objectives of the Cyber Resilience Act
- Practical implementation aids for CE marking
- Concrete recommendations for action for manufacturers, importers and distributors
- Current information on deadlines and transitional regulations
- Exchange with experts and industry colleagues
Instructor-led training in a virtual classroom. This means the course is Live Online. Participants will learn through online teaching. Lectures, case studies, group exercises, discussions, problem solving, examples with explanation, assignments and/or quizzes take place in the virtual classroom. Participants need to connect to the class from any internet-accessible location. Each module is delivered live using webinar technology, creating a virtual classroom learning environment. Live sessions provide you with direct access to the trainer so you can ask questions, understand complex concepts and share ideas with peers. Webcam and microphone are REQUIRED to interact with the instructor and/or other participants.
The course content and structure are designed by the domain experts from TÜV SÜD. With immense experience and knowledge in the relevant standards, our team of product specialists and technical experts at TÜV SÜD developed the course content based on the current business landscape and market requirements.
Certificate of participation from the TÜV SÜD Academy
There are no entry requirements for participation in this training.
Specialist lecturers from the TÜV SÜD Academy
