The city of Maribor recently hosted the 2nd Plenary Consortium Meeting of the CRACoWi project, bringing together 14 expert partners from across Europe to align on progress and define the next strategic steps toward simplifying cybersecurity compliance for businesses across the EU.
Over two days of in-depth collaboration (30 September – 1 October 2025), the CRACoWi consortium advanced its mission of supporting small and medium-sized enterprises (SMEs), manufacturers, importers, and distributors in complying with the EU Cyber Resilience Act (CRA) – a new legislative milestone aimed at improving the security of digital products throughout their lifecycle.
The CRACoWi (Cyber Resilience Act Compliance Wizard) project, funded under the Digital Europe Programme and supported by the European Cybersecurity Competence Centre (ECCC), is developing a user-friendly Compliance Wizard – a step-by-step digital tool that helps businesses understand and fulfil their CRA obligations.
As the CRA imposes strict new requirements for placing connected products on the EU market, CRACoWi fills a crucial gap by offering practical, hands-on support tailored to the needs of companies that may lack dedicated cybersecurity or legal teams.
The plenary meeting featured updates on all technical and strategic work packages, combined with hands-on workshops and valuable peer-to-peer learning. Partners engaged in a live walkthrough of CRACoWi in a Use Case Workshop where they identified documentation gaps, and performed tailored threat modelling for OT and IoT devices. The consortium worked in focused groups covering critical infrastructure, importers/distributors, and compliance documentation, fostering a strong foundation for the next project phases.
This plenary also included a dedicated CRAcademy session focused on certification and standardisation processes and vulnerability handling obligations for manufacturers, distributors and importers of the digital products. Not less important was a session for communication, dissemination and KPI tracking to ensure that CRACoWi’s message and resources reach the right stakeholders.
“This meeting proved once again that strong collaboration and a shared mission can turn complex legislation into practical solutions. CRACoWi is not just about compliance – it’s about empowering the European ecosystem to thrive securely,” said coordinator George Bravos, ITML.
As Europe prepares for the full enforcement of the Cyber Resilience Act, CRACoWi stands out as a pioneering project that transforms regulation into action. By helping SMEs and other economic operators navigate the complexities of the CRA, the project contributes directly to the EU’s goal of a digitally secure, innovation-driven internal market.
This time, the plenary meeting was organised by Tiko Pro, a consortium partner leading the work package for communication and dissemination. Tiko Pro ensured everything ran smoothly while also offering partners the chance to enjoy true Slovenian hospitality.
On February 12–13, 2025, the CRACoWi consortium convened in Düsseldorf, Germany, for its second Plenary Meeting – a key milestone in the project’s first year of implementation. The event brought together all 14 partners to evaluate progress, exchange insights, and align efforts in delivering on CRACoWi’s mission: helping SMEs and manufacturers navigate the new Cyber Resilience Act (CRA) requirements with ease.
The two-day meeting was hosted by ONEKEY, one of the consortium partners and a leading force in embedded cybersecurity. The gathering was a timely opportunity to reflect on achievements so far and to strategically plan for the next phases of development.
The first day was dedicated to Work Package (WP) updates, providing a comprehensive overview of each technical, legal, dissemination, and capacity-building activity currently underway. Partners shared developments in the creation of the Compliance Wizard, stakeholder engagement, and the integration of regulatory frameworks (CRA, RED, NIS2). The session ensured that the project remains on track across all its pillars: compliance automation, stakeholder support, and cybersecurity awareness. The second day zoomed in on the use cases, offering a hands-on perspective into how CRACoWi technologies will be tested and validated in real-world environments and what challenges are in front of the consortium.
Beyond the formal agenda, the plenary was marked by genuine collaboration, problem-solving, and open dialogue. The evening social dinner provided an informal space for further exchange, reinforcing the strong consortium ties and mutual commitment to the project’s success.
As the CRACoWi project gains momentum, the consortium remains focused on delivering tangible, user-friendly tools to empower European companies – especially SMEs – in meeting the cybersecurity requirements of the Cyber Resilience Act.
A special thank you goes to ONEKEY for hosting us in Düsseldorf and to ITML, the project coordinator, for guiding the process with clarity and dedication.
The digitalization of the global economy is driving a massive shift in consumer and business behaviors, creating an interconnected ecosystem of billions of devices and millions of applications. This exponential growth amplifies the importance of robust cybersecurity measures, especially as critical infrastructures like energy, healthcare, and financial services become increasingly reliant on digital technologies.
Recognizing these challenges, the EU has introduced the Cyber Resilience Act (CRA) to establish mandatory cybersecurity requirements for products with digital elements. To support organizations in meeting these stringent standards, the CRACoWi project has developed an innovative solution – the Cyber Resilience Act Compliance Wizard. This white paper explores the critical role of CRACoWi in helping SMEs navigate the complexities of CRA compliance.
A few topics from the document:
The emerging cybersecurity risks for critical infrastructures and IoT ecosystems.How the CRA establishes a secure framework for digital products through lifecycle management and vulnerability reduction.
The role of the CRACoWi Compliance Wizard in automating compliance, documentation, and certification processes for SMEs.
Real-world applications of CRACoWi tools, showcasing their adaptability across industries and product categories.
The strategic importance of collaboration between regulatory bodies, industry leaders, and innovative SMEs to ensure a resilient digital future.
SMEs play a vital role in the EU’s digital economy but often face challenges in meeting complex regulatory requirements. This white paper outlines practical solutions provided by CRACoWi, including automated compliance assessments, AI-powered self-assessment tools, and lifecycle security management methodologies. It highlights how CRACoWi enables SMEs to strengthen product security, reduce compliance burdens, and maintain a competitive edge in a rapidly evolving market.
Athens – The CRACoWi project officially launched with a two-day event – Kick-off Meeting and press conference – in Athens, organized by ITML, the project coordinator. Funded under the Digital Europe Program (DEP)and supported by the European Cybersecurity Competence Centre, the project unites 14 partners from 4 EU countries – Greece, Germany, Slovenia, and Cyprus– to develop essential tools for cybersecurity compliance and certification in the digital market.
CRACoWi (Cyber Resilience Act – Compliance Wizard) aims to create a digital tool (Compliance Wizard) that helps SMEs, manufacturers, and distributors comply with the EU’s Cyber Resilience Act. By automating compliance assessments, generating necessary documentation, and supporting cybersecurity certification, CRACoWi ensures businesses can easily meet new cybersecurity standards throughout the product lifecycle.
The project began on September 1st, 2024, and will run for 36 months, focusing on simplifying cybersecurity compliance for businesses.
On September 30th, the first day of the kick-off conference, partners presented their work packages, deliverables, and project objectives. Attendees also received insights from the EU Project Officer, who shared best practices for implementing Digital Europe Program projects and aligning CRACoWi with EU cybersecurity objectives.
On October 1st, the second day of the conference, presentations featured complementary projects and initiatives, focusing on shared goals and collaboration across the cybersecurity ecosystem. Highlights included:
A detailed overview of the Cyber Resilience Act and the Radio Equipment Directive (RED), providing insights into how RED’s implementation informed the CRA.
Presentations from related projects such as SENTINEL, CYberSynchrony, and UNDERPIN, emphasizing synergies with CRACoWi in addressing common cybersecurity challenges.
A live demonstration of BUNKAI and an overview of the CYRENE project, illustrating hands-on approaches to cybersecurity tool development.
This is just the beginning of our journey toward making Europe’s digital market more secure! Stay tuned for more updates as we continue to push the boundaries of cybersecurity and compliance.
Follow CRACoWi!Stay updated on the CRACoWi project by following us on:
