CRA made easy for European SMEs

CRACY was launched to help companies, mainly small and medium-sized engineering companies, comply with the new Cyber Resilience Act (CRA), which has recently been approved by the European Parliament and which will fully enter into force by December 2027. 

By means of the CRA Regulation, Europe seeks to improve the (cyber)security of both software applications, electronic appliances and SaaS services offered on the European market. The CRA requires manufacturers and service providers to perform risk assessments regarding the security of their devices and the extent to which these devices are vulnerable to hackers, and to provide mechanisms for providing continuous security updates over the course of the device’s lifecycle.

For smaller enterprises, the in-house expertise and funds available to comply with the new regulation will be challenging, and could make it more difficult for them to compete against larger companies.   The CRACY consortium will therefore develop free and open-source tools, mechanisms, checklists, and guidelines to help SMEs comply with the CRA by performing the necessary technical assessments of their products themselves. 

Ceeyu brings its expertise in attack surface analysis, helping small SaaS providers to carry out automated vulnerability assessments at low cost and effort.