Cyber Resilience Act (CRA)

The European Cyber Resilience Act (CRA)

The new European Cyber Resilience Act (CRA) is currently being developed by the EU. The legislative process is still ongoing, with much left to be determined.
How can you prepare for this new legislation? Start by minimizing cyber risks now. We test, inspect, certify and train your organization, helping you improve your organization’s cyber resilience today.

What does the CRA mean for you?

Under the CRA, digital products must meet strict cybersecurity requirements before they can be placed on the European market. Both consumers and business users need to be able to trust that digital products - from digital doorbells to accounting software - are secure.

Responsibility lies with the manufacturer. Are you a manufacturer of digital products? You must ensure your products are secure. Additionally, you are required to provide free security updates throughout the product's lifetime and report any digital vulnerabilities or incidents to customers immediately.

What is the difference between the CRA and NIS2?

The CRA is expected to apply to all manufacturers, regardless of company size. This is a broader approach than NIS2 (Network and Information Security Directive), which only applies to medium and large companies. Every product with digital elements that you want to bring to market in the EU will need to comply with the CRA.

Why Kiwa?

✓ One-stop-shop: services for OT, IT, and IoT under one roof

✓ Independent, objective assessments

✓ Expertise in laws and regulations

✓ Proven quality in testing, inspection, certification and training

✓ Forward-looking vision on cybersecurity

Contact

Learn more?

Would you like to know more about this topic? Call us at +31 (0)88 998 33 70 or fill out the contact form. Our experts will be happy to help you!


The latest news about cybersecurity


How ISO 27001, NEN 7510 and NIS2 work together to improve information security

Cyber threats are increasing and organisations in vital sectors must better protect themselves against these digital risks. This article explains how ISO 27001, NEN 7510 and the new European NIS2 directive work together to strengthen information security. It describes the similarities between the standards and the directive, includes a practical step-by-step guide to meeting NIS2 requirements, and shows how Kiwa can support organisations in this process.

What does the new NEN 7510:2024 mean for certificate holders?

Information security remains a top priority in healthcare. With the 2024 revision of NEN 7510, there is now a standard that is better aligned with international frameworks such as ISO 27001. But what does this mean in practice for healthcare organizations that are certified or aiming for certification? Rutger Fugers, scheme manager at Kiwa, explains the key changes, points of attention and benefits of the revised standard.

Kiwa achieves NEN 7510:2024 accreditation

The Dutch Accreditation Council (RvA) has recently accredited Kiwa for the revised NEN 7510 standard. This accreditation allows Kiwa to audit and certify its clients in accordance with NEN 7510:2024. With this step, Kiwa further aligns with the already revised ISO 27001:2022 standard.