We are delighted that CRACoWi projectwas invited to participate in the Cyber Resilience Act (CRA) Webinar on 11 November, organized by the Dutch Ministry of Economic Affairs and the National Cybersecurity Center of the Netherlands (NCC NL).
The webinar aimed to help Dutch SMEs understand the Cyber Resilience Act and prepare for compliance with the upcoming regulation. Two EU-funded projects, CRACoWi and SECURE, were featured during the session,
Eleftheria Marini (ITML) as Project Coordinator of CRACoWi, provided an overview of the the project’s goals and impact in supporting European SMEs toward CRA compliance, with a special focus on how CRACoWi can benefit end users, particularly SMEs developing or deploying digital products.
Pablo Endres (SevenShift) presented the technical perspective, offering a high-level overview of the technologies and tools being developed, including the Cyber Resilience Act Compliance Wizard, an AI-supported framework for automated cybersecurity assessment, documentation and certification support.
The event was an important step in raising awareness and enhancing collaboration around CRA implementation across Europe, showcasing how initiatives like CRACoWi and SECURE contribute to empowering SMEs toward a more secure digital future.
📅 20 November 2025 | 14:00–15:00 CET | Online | English | Free
Join us for the first CRACoWi project webinar with Katherine Leese from SevenShift, to explore a practical, evidence-based threat modelling process that aligns directly with the CRA’s risk-assessment and documentation requirements.
Are you ready for the Cyber Resilience Act (CRA)? The CRA requires manufacturers to understand and document cybersecurity risks in their connected products – but how do you actually do that in practice?
This hands-on session bridges the gap between paper compliance and practical, testable security – giving you a repeatable approach adaptable to your own environment.
What you’ll learn: – How to use Data Flow Diagrams (DFDs) to map system context, – How to apply STRIDE to identify threats, – How to link findings to real attacker techniques using MITRE, – How the CRACoWi Wizard supports you in gathering the right evidence and demonstrating CRA readiness.
Who should attend: Engineers, product security teams, managers, and anyone involved in designing, building, or securing connected products.
ℹ️ This webinar is the first in a series of CRAcademy training sessions — practical learning opportunities designed to help you navigate and implement the Cyber Resilience Act with confidence.
The city of Maribor recently hosted the 2nd Plenary Consortium Meeting of the CRACoWi project, bringing together 14 expert partners from across Europe to align on progress and define the next strategic steps toward simplifying cybersecurity compliance for businesses across the EU.
Over two days of in-depth collaboration (30 September – 1 October 2025), the CRACoWi consortium advanced its mission of supporting small and medium-sized enterprises (SMEs), manufacturers, importers, and distributors in complying with the EU Cyber Resilience Act (CRA) – a new legislative milestone aimed at improving the security of digital products throughout their lifecycle.
The CRACoWi (Cyber Resilience Act Compliance Wizard) project, funded under the Digital Europe Programme and supported by the European Cybersecurity Competence Centre (ECCC), is developing a user-friendly Compliance Wizard – a step-by-step digital tool that helps businesses understand and fulfil their CRA obligations.
As the CRA imposes strict new requirements for placing connected products on the EU market, CRACoWi fills a crucial gap by offering practical, hands-on support tailored to the needs of companies that may lack dedicated cybersecurity or legal teams.
The plenary meeting featured updates on all technical and strategic work packages, combined with hands-on workshops and valuable peer-to-peer learning. Partners engaged in a live walkthrough of CRACoWi in a Use Case Workshop where they identified documentation gaps, and performed tailored threat modelling for OT and IoT devices. The consortium worked in focused groups covering critical infrastructure, importers/distributors, and compliance documentation, fostering a strong foundation for the next project phases.
This plenary also included a dedicated CRAcademy session focused on certification and standardisation processes and vulnerability handling obligations for manufacturers, distributors and importers of the digital products. Not less important was a session for  communication, dissemination and KPI tracking to ensure that CRACoWi’s message and resources reach the right stakeholders.
“This meeting proved once again that strong collaboration and a shared mission can turn complex legislation into practical solutions. CRACoWi is not just about compliance – it’s about empowering the European ecosystem to thrive securely,” said coordinator George Bravos, ITML.
As Europe prepares for the full enforcement of the Cyber Resilience Act, CRACoWi stands out as a pioneering project that transforms regulation into action. By helping SMEs and other economic operators navigate the complexities of the CRA, the project contributes directly to the EU’s goal of a digitally secure, innovation-driven internal market.
This time, the plenary meeting was organised by Tiko Pro, a consortium partner leading the work package for communication and dissemination. Tiko Pro ensured everything ran smoothly while also offering partners the chance to enjoy true Slovenian hospitality.
On February 12–13, 2025, the CRACoWi consortium convened in DĂĽsseldorf, Germany, for its second Plenary Meeting – a key milestone in the project’s first year of implementation. The event brought together all 14 partners to evaluate progress, exchange insights, and align efforts in delivering on CRACoWi’s mission: helping SMEs and manufacturers navigate the new Cyber Resilience Act (CRA) requirements with ease.
The two-day meeting was hosted by ONEKEY, one of the consortium partners and a leading force in embedded cybersecurity. The gathering was a timely opportunity to reflect on achievements so far and to strategically plan for the next phases of development.
The first day was dedicated to Work Package (WP) updates, providing a comprehensive overview of each technical, legal, dissemination, and capacity-building activity currently underway. Partners shared developments in the creation of the Compliance Wizard, stakeholder engagement, and the integration of regulatory frameworks (CRA, RED, NIS2). The session ensured that the project remains on track across all its pillars: compliance automation, stakeholder support, and cybersecurity awareness. The second day zoomed in on the use cases, offering a hands-on perspective into how CRACoWi technologies will be tested and validated in real-world environments and what challenges are in front of the consortium.
Beyond the formal agenda, the plenary was marked by genuine collaboration, problem-solving, and open dialogue. The evening social dinner provided an informal space for further exchange, reinforcing the strong consortium ties and mutual commitment to the project’s success.
As the CRACoWi project gains momentum, the consortium remains focused on delivering tangible, user-friendly tools to empower European companies – especially SMEs – in meeting the cybersecurity requirements of the Cyber Resilience Act.
A special thank you goes to ONEKEY for hosting us in DĂĽsseldorf and to ITML, the project coordinator, for guiding the process with clarity and dedication.
Athens – The CRACoWi project officially launched with a two-day event – Kick-off Meeting and press conference – in Athens, organized by ITML, the project coordinator. Funded under the Digital Europe Program (DEP)and supported by the European Cybersecurity Competence Centre, the project unites 14 partners from 4 EU countries – Greece, Germany, Slovenia, and Cyprus– to develop essential tools for cybersecurity compliance and certification in the digital market.
CRACoWi (Cyber Resilience Act – Compliance Wizard) aims to create a digital tool (Compliance Wizard) that helps SMEs, manufacturers, and distributors comply with the EU’s Cyber Resilience Act. By automating compliance assessments, generating necessary documentation, and supporting cybersecurity certification, CRACoWi ensures businesses can easily meet new cybersecurity standards throughout the product lifecycle.
The project began on September 1st, 2024, and will run for 36 months, focusing on simplifying cybersecurity compliance for businesses.
On September 30th, the first day of the kick-off conference, partners presented their work packages, deliverables, and project objectives. Attendees also received insights from the EU Project Officer, who shared best practices for implementing Digital Europe Program projects and aligning CRACoWi with EU cybersecurity objectives.
On October 1st, the second day of the conference, presentations featured complementary projects and initiatives, focusing on shared goals and collaboration across the cybersecurity ecosystem. Highlights included:
A detailed overview of the Cyber Resilience Act and the Radio Equipment Directive (RED), providing insights into how RED’s implementation informed the CRA.
Presentations from related projects such as SENTINEL, CYberSynchrony, and UNDERPIN, emphasizing synergies with CRACoWi in addressing common cybersecurity challenges.
A live demonstration of BUNKAI and an overview of the CYRENE project, illustrating hands-on approaches to cybersecurity tool development.
This is just the beginning of our journey toward making Europe’s digital market more secure! Stay tuned for more updates as we continue to push the boundaries of cybersecurity and compliance.
Follow CRACoWi!Stay updated on the CRACoWi project by following us on:
