Unlocking the EU Cyber Resilience Act: What You Need to Know

This pivotal piece of legislation is set to transform the cybersecurity landscape across Europe by addressing the need for robust security practices throughout the lifecycle of digital products.

What is the EU Cyber Resilience Act?


The Cyber Resilience Act mandates rigorous cybersecurity standards for all software and hardware products, as well as their remote data processing solutions. This legislation spans the entire lifecycle of these products—from initial design through to their obsolescence phase. Its aim is to mitigate risks and enhance security, ensuring that products on the EU market are resilient against cyber threats.

Product Classification and Requirements


The CRA categorises products into three distinct classes based on their cybersecurity risk levels:

Class I:

Requirements: Adhere to standard protocols or complete a third-party assessment to prove conformity.

Examples: Microcontrollers, physical network interfaces.

Cybersecurity Risk: Lower risk compared to Class II products.

Class II:

Requirements: Complete a third-party conformity assessment.

Examples: Smart meters, industrial switches.

Cybersecurity Risk: Higher risk due to potential vulnerabilities affecting critical infrastructure.

Failure to comply with the CRA can lead to substantial penalties, including fines of up to €15 million or 2.5% of global annual turnover for the previous fiscal year, whichever is greater.

Why the Cyber Resilience Act Matters


Protecting Intellectual Property

Intellectual property theft impedes innovation and economic growth. Effective internal security protocols and practices are crucial.

Reducing Financial Losses

Companies lose an average of $200 billion annually due to product piracy and cyber-attacks (London School of Business and Finance).

Mitigating Breach Costs

In 2023, the average cost per data breach was $4.45 million (IBM).

Managing Legal Risks

Defending against patent lawsuits can cost up to $3 million (World Intellectual Property Organization).

Key provisions of the CRA

Vulnerability Disclosure: Manufacturers are required to implement coordinated vulnerability disclosure policies to facilitate the reporting of security flaws.

EU Declaration of Conformity: Manufacturers must assume responsibility for their products' cybersecurity throughout their lifecycle.

What this means for you

  • Encourage Accountability: Manufacturers will bear increased responsibility for cybersecurity, which should ideally lead to stronger, more secure products.
  • Enhance Security: Products with digital elements will have fewer vulnerabilities, promoting a safer digital environment.
  • Increase Trust: Consumers and end-users will benefit from greater trust in the security of their devices.

While some systems and software providers may view these new responsibilities as a burden, the Act underscores the importance of proactive security measures.

Stay ahead of the curve

Navigating the complexities of the Cyber Resilience Act requires a proactive approach. Ensure your products meet the new standards and stay informed about evolving regulations to maintain compliance and safeguard your business and customers. By addressing vulnerabilities early, manufacturers can avoid more severe consequences and foster greater trust with their customers.

Emproof Nyx:

  • Uses advanced binary transformation to protect firmware from vulnerabilities such as buffer overflows and code injection.
  • Obfuscates code and protects intellectual property without needing source code access.

Cetome's evaluation in mid-2024 assessed Nyx against the March 2024 CRA standards.

The resulting mapping details how Emproof Nyx supports compliance with the Essential Requirements, helping companies stay ahead of regulatory changes:

CRA requirement: Attack surface reduction

How Emproof Nyx can help: One key feature of Nyx is to limit memory-based attacks from all interfaces, user or system. Nyx is protocol agnostic: it protects all communication interfaces and user inputs. Moreover, Nyx makes firmware reversing more difficult with advanced code obfuscation techniques as well as anti-debug and anti-tamper.

Level of support: Excellent

CRA requirement: Incident mitigation

How Emproof Nyx can help: Nyx will reduce the impact of memory-based incidents by moving the product to a "safe state" (or to an "error state"). This state is fully configurable. Nyx offers profiles to apply this protection to selected functions, such as mission-critical code.

Level of support: Excellent

Download the CRA Compliance Report

The report describes Emproof Nyx features, the level of compliance support offered, and the gaps customers should fill in addition to implementing Emproof Nyx.


Remain CRA compliant with Emproof Nyx

Emproof Nyx offers state-of-the-art protection against hacking attempts, ensuring the integrity and safety of embedded systems. Our cutting-edge technology is designed to secure devices across various applications, providing peace of mind in a world where cyber threats are ever-evolving. Our solution is ideal for:

  • Microcontrollers programmed in C/C++ or other memory-unsafe languages:
    • ARM Cortex-M, RISC-V devices, and more.
  • Devices that have some connectivity (e.g. network-based) or user input.
  • Compilers lacking support: most open-source compilers, such as GCC/Clang.
  • Bare-metal/RTOS.

Our functional safety compliant and trusted solution protects your embedded system.
