The Cyber Resilience Act (CRA) is increasingly becoming a topic of discussion among companies across Europe. While organisations are working to understand the new requirements, many are asking a more fundamental question: how can they develop products that remain secure and trustworthy throughout their lifecycle?
To support this transition, CRACoWI consortium partner erminas GmbH will participate in the upcoming German-language webinar organised by IHK Oldenburg in cooperation with CYBERsicher – Transferstelle Cybersicherheit im Mittelstand.
📅 19 June 2026, 10:00 – 12:00 AM CEST | online
During the webinar, Dr. Yvette Teiken (erminas GmbH) and Dr. Matthias Kampmann (EASY.CRA) will provide both a regulatory overview and practical perspectives on implementing the CRA.
Participants will gain insight into:
what the CRA regulates and who it affects;
why the European Union is introducing these requirements;
practical challenges related to Software Bills of Materials (SBOMs), vulnerability management, and documentation obligations;
pragmatic approaches for integrating CRA requirements into existing processes.
The session is aimed at SMEs with digital products, machinery and plant manufacturers, IoT manufacturers, and professionals working in IT, product development, and compliance who want to prepare for the CRA in a structured and practical way.
For CRACoWI, participation in events such as this reflects the project’s commitment to sharing knowledge beyond the consortium, engaging directly with industry stakeholders, and contributing to the broader European effort to help organisations navigate the transition towards CRA readiness.
👉 Further information and registration are available via the IHK Oldenburg event page:MORE INFO & REGISTRATION
Understanding the scope of the Cyber Resilience Act (CRA) is one thing; meeting its requirements in practice is another.
As the CRA prepares to replace the cybersecurity requirements under the Radio Equipment Directive from December 2027, manufacturers are entering a new phase of readiness. The challenge is no longer just understanding the regulation, but translating legal obligations into compliant products, practical processes, and demonstrable evidence.
To support organisations on this journey, the CRACoWi project invites you to join the next session of the CRAcademy webinar series From Pain Points to Market Readiness – How CRA Tools Simplify Compliance, on 25 June 2026, at 11 AM CEST.
This practical webinar focuses on the reality of CRA implementation. Drawing on experiences from the field, it explores the recurring issues that often delay manufacturers on their path to compliance and demonstrates how a new generation of CRA tools can transform slow, manual activities into structured and repeatable processes.
Participants will gain insight into some of the most common pain points organisations encounter, including incomplete interface inventories, cryptography gaps, and documentation that cannot be easily verified. The session will show how these challenges can be addressed in ways that are actionable for product teams and aligned with the expectations of the regulation.
Designed as a bridge between regulation and engineering reality, the webinar will help attendees better understand what practical CRA readiness looks like and how organisations can prepare efficiently for market placement and future certification activities.
This session is particularly relevant for:
Manufacturers of connected and digital products;
Engineers, system architects, and product security teams;
Product managers and compliance professionals translating requirements into implementation;
SMEs preparing for CRA implementation and certification. What will you learn?
By attending, you will:
Understand why security-by-design sits at the heart of the CRA;
See who is responsible for what across manufacturers, consultants, and notified bodies;
Recognise the common pain points that lead to costly delays and understand why they occur;
Learn how CRA tools reduce manual, error-prone work into repeatable processes;
Get direct answers to your questions during the live Q&A session.
📅 26 June 2026 🕚 11:00 AM CEST | ONLINE
Participation is free of charge.
👉 Register today and take the next step from compliance pain points to market readiness.
Originally from New Zealand and now based in Cologne, Germany, Katherine brings a unique and practical perspective to cybersecurity. After retraining in her forties to become an IT specialist for system integration, she combines hands-on technical experience with an understanding of the real-world challenges organisations face when implementing cybersecurity requirements.
As part of the CRACoWi project, SevenShift contributes to raising awareness about the Cyber Resilience Act and developing practical tools to support compliance. Katherine’s work focuses on helping bridge the gap between regulatory expectations and engineering reality, making complex requirements more understandable and actionable for manufacturers and SMEs alike.
Outside of work, she enjoys parenting a teenager and exploring how technology connects to everyday life.
If you are looking for practical guidance on moving from understanding the CRA to implementing it, this webinar is designed for you.
Participation is free of charge.
👉 Register today and take the next step from compliance pain points to market readiness.
On 12 May 2026, the CRACoWi consortium partner SevenShift participated in the meeting of the Cybersecurity Competence Group titled “Cyber Resilience in Practice: Strategies for a Secure Digital Future”, held in Cologne, Germany.
The event gathered cybersecurity experts, industry representatives, and practitioners to discuss current challenges related to cyber resilience, the evolving threat landscape, and the practical implementation of the Cyber Resilience Act (CRA).
During the session “The Cyber Resilience Act: Legal Framework and Practical Experience”, Katherine Leese from SevenShift (SES) contributed to the discussion by sharing practical experiences from CRA compliance testing and presenting CRA-related tools developed through EU-funded initiatives. As part of the presentation, Katherine introduced the CRACoWi Wizard, highlighting how the project supports organisations in understanding and implementing CRA requirements in practice. Complementary tools developed within other CRA Cluster projects were also presented, underlining the importance of collaboration and alignment between related initiatives.
The discussion addressed several important topics linked to CRA implementation, including reporting obligations and deadlines, responsibilities across the supply chain, security-by-design principles, lifecycle responsibility, and practical challenges organisations face when preparing for compliance.
The meeting also explored broader cybersecurity resilience topics beyond regulatory compliance itself. Discussions focused on the changing threat landscape, including stolen credentials, infostealer malware, residential proxy usage, and increasingly rapid attack execution following successful infiltration. Additional presentations addressed automated vulnerability management, CSAF, and security.txt as important mechanisms for more structured and scalable vulnerability communication.
Participation in events such as this supports CRACoWi’s ongoing efforts to exchange practical knowledge, engage with cybersecurity communities, and strengthen cooperation with related initiatives working on CRA implementation and cyber resilience across Europe.
CRACoWi recently participated in the Cluster Synergies Webinar held on 22 April 2026, an event that brought together EU-funded cybersecurity projects to exchange insights, present ongoing work, and explore areas of alignment.
While such events are often framed as dissemination activities, their real value lies in something deeper – connecting initiatives that are addressing the same regulatory and technical challenges from different angles.
As the Cyber Resilience Act (CRA) moves closer to full implementation, the landscape of tools, methodologies, and support mechanisms across EU projects is rapidly expanding. Without active collaboration, this risks becoming fragmented. The Cluster Synergies Webinar is one of the spaces where this fragmentation can be addressed early – through open exchange, comparison of approaches, and identification of complementarities.
The development of tools supporting CRA compliance
The current progress and direction of the project
The CRAcademy, which provides structured training and practical guidance to help organisations better understand and implement CRA requirements
The discussion confirmed a recurring point across projects: organisations are not lacking awareness of the CRA – they are lacking clarity on how to act. This is where coordinated efforts between projects become essential. Each initiative contributes a different piece – whether technical tools, training, certification support, or implementation guidance – and together they form a more complete ecosystem.
Engaging with other EU initiatives also opens the door to joint dissemination, shared learning, and potential integration of approaches, ultimately increasing the impact of all projects involved.
📅21 May 2026 | 8:45 – 15:30 CEST | Venue DiHubMT, Malta | Hybrid | English | Free
The CRACoWi project will take part in the upcoming CRA Cluster event in Malta, organised as part of the Cyberstand`s EU Tour under the theme “CRA Standards Unlocked.”
This event brings together key stakeholders from EU-funded projects, industry, and standardisation bodies to discuss the implementation of the Cyber Resilience Act (CRA) and the role of standards in supporting compliance.
Through its participation, CRACoWi will contribute to discussions on how to translate CRA requirements into practical tools and approaches for manufacturers and SMEs. The event provides an opportunity to exchange knowledge, explore synergies with related initiatives, and strengthen collaboration within the CRA ecosystem.
Participation in such events is an important part of CRACoWi’s activities, ensuring that project results remain aligned with real-world needs and contribute to a coordinated European approach helping organisations better understand, prepare for, and implement CRA requirements in practice.
Meet the CRACoWi partners – ITML, Seven Shift and Tiko Pro – a the InCyber forum 31 March – 2 April, Pavilion Europe – booth E20-8A.
The CRACoWi project will be showcased at the InCyber Forum Europe 2026, one of Europe’s leading events dedicated to cybersecurity and digital trust. Bringing together thousands of experts, policymakers, and industry leaders, the Forum serves as a key platform for addressing the most pressing challenges in today’s digital landscape and strengthening cooperation across the European cybersecurity ecosystem.
CRACoWi partners ITML, SevenShift, and Tiko Pro will be present at the Pavilion Europe (Booth E20-8A), where they will introduce the project and engage with stakeholders from across the cybersecurity and innovation community.
As the Cyber Resilience Act (CRA) introduces new mandatory cybersecurity requirements for digital products in the EU, CRACoWi plays an important role in supporting organisations, especially SMEs, in navigating compliance. Through its Compliance Wizard, the project provides a practical, step-by-step approach to understanding and implementing CRA obligations.
The InCyber Forum offers a valuable opportunity to exchange knowledge, explore collaboration opportunities, and connect with organisations shaping the future of cyber resilience in Europe.
We invite you to meet the CRACoWi team at the booth and learn more about how the project is contributing to a more secure and trusted digital environment.
We are delighted that CRACoWi projectwas invited to participate in the Cyber Resilience Act (CRA) Webinar on 11 November, organized by the Dutch Ministry of Economic Affairs and the National Cybersecurity Center of the Netherlands (NCC NL).
The webinar aimed to help Dutch SMEs understand the Cyber Resilience Act and prepare for compliance with the upcoming regulation. Two EU-funded projects, CRACoWi and SECURE, were featured during the session,
Eleftheria Marini (ITML) as Project Coordinator of CRACoWi, provided an overview of the the project’s goals and impact in supporting European SMEs toward CRA compliance, with a special focus on how CRACoWi can benefit end users, particularly SMEs developing or deploying digital products.
Pablo Endres (SevenShift) presented the technical perspective, offering a high-level overview of the technologies and tools being developed, including the Cyber Resilience Act Compliance Wizard, an AI-supported framework for automated cybersecurity assessment, documentation and certification support.
The event was an important step in raising awareness and enhancing collaboration around CRA implementation across Europe, showcasing how initiatives like CRACoWi and SECURE contribute to empowering SMEs toward a more secure digital future.
📅 20 November 2025 | 14:00–15:00 CET | Online | English | Free
Join us for the first CRACoWi project webinar with Katherine Leese from SevenShift, to explore a practical, evidence-based threat modelling process that aligns directly with the CRA’s risk-assessment and documentation requirements.
Are you ready for the Cyber Resilience Act (CRA)? The CRA requires manufacturers to understand and document cybersecurity risks in their connected products – but how do you actually do that in practice?
This hands-on session bridges the gap between paper compliance and practical, testable security – giving you a repeatable approach adaptable to your own environment.
What you’ll learn: – How to use Data Flow Diagrams (DFDs) to map system context, – How to apply STRIDE to identify threats, – How to link findings to real attacker techniques using MITRE, – How the CRACoWi Wizard supports you in gathering the right evidence and demonstrating CRA readiness.
Who should attend: Engineers, product security teams, managers, and anyone involved in designing, building, or securing connected products.
ℹ️ This webinar is the first in a series of CRAcademy training sessions — practical learning opportunities designed to help you navigate and implement the Cyber Resilience Act with confidence.
The city of Maribor recently hosted the 2nd Plenary Consortium Meeting of the CRACoWi project, bringing together 14 expert partners from across Europe to align on progress and define the next strategic steps toward simplifying cybersecurity compliance for businesses across the EU.
Over two days of in-depth collaboration (30 September – 1 October 2025), the CRACoWi consortium advanced its mission of supporting small and medium-sized enterprises (SMEs), manufacturers, importers, and distributors in complying with the EU Cyber Resilience Act (CRA) – a new legislative milestone aimed at improving the security of digital products throughout their lifecycle.
The CRACoWi (Cyber Resilience Act Compliance Wizard) project, funded under the Digital Europe Programme and supported by the European Cybersecurity Competence Centre (ECCC), is developing a user-friendly Compliance Wizard – a step-by-step digital tool that helps businesses understand and fulfil their CRA obligations.
As the CRA imposes strict new requirements for placing connected products on the EU market, CRACoWi fills a crucial gap by offering practical, hands-on support tailored to the needs of companies that may lack dedicated cybersecurity or legal teams.
The plenary meeting featured updates on all technical and strategic work packages, combined with hands-on workshops and valuable peer-to-peer learning. Partners engaged in a live walkthrough of CRACoWi in a Use Case Workshop where they identified documentation gaps, and performed tailored threat modelling for OT and IoT devices. The consortium worked in focused groups covering critical infrastructure, importers/distributors, and compliance documentation, fostering a strong foundation for the next project phases.
This plenary also included a dedicated CRAcademy session focused on certification and standardisation processes and vulnerability handling obligations for manufacturers, distributors and importers of the digital products. Not less important was a session for communication, dissemination and KPI tracking to ensure that CRACoWi’s message and resources reach the right stakeholders.
“This meeting proved once again that strong collaboration and a shared mission can turn complex legislation into practical solutions. CRACoWi is not just about compliance – it’s about empowering the European ecosystem to thrive securely,” said coordinator George Bravos, ITML.
As Europe prepares for the full enforcement of the Cyber Resilience Act, CRACoWi stands out as a pioneering project that transforms regulation into action. By helping SMEs and other economic operators navigate the complexities of the CRA, the project contributes directly to the EU’s goal of a digitally secure, innovation-driven internal market.
This time, the plenary meeting was organised by Tiko Pro, a consortium partner leading the work package for communication and dissemination. Tiko Pro ensured everything ran smoothly while also offering partners the chance to enjoy true Slovenian hospitality.