CRA Compass
The EU Cyber Resilience Act (CRA) requires manufacturers of digital products to meet mandatory cybersecurity requirements across the entire product lifecycle starting in 2027. Non-compliance can result in fines of up to EUR 15 million or 2.5% of global annual turnover.
With the CRA Compass, you can check in just a few minutes:
- Scope Check – Does the CRA apply to your product? Which product category (Default, Important I/II, Critical) applies?
- Gap Analysis – How well prepared are you across 10 CRA-relevant domains? From vulnerability management and SBOM to incident response.
- Recommendations – Concrete next steps per domain with CRA references and prioritization.
Two Areas of Expertise, One Solution
softScheck and VamiSec jointly provide a complete solution for your CRA compliance:
| softScheck | VamiSec | |
|---|---|---|
| Focus | Technical Product Security | CSMS, Organization & Processes |
| Services | Threat Modeling, Source Code Reviews, Penetration Testing, Conformity Assessment | CSMS Design, SSDLC Processes, Incident Management, Reporting Obligations |