CRA Support Guide

Cyber Resilience Act (CRA)

The EU is raising the requirements for cybersecurity and software integrity for connected products with the Cyber Resilience Act (CRA) and the Radio Equipment Directive (RED). While the RED requirements have been mandatory since August 1, 2025, the CRA requirements will be introduced gradually over the coming years. The aim is to ensure the security of digital devices – covering everything from deployment and commissioning to updates and maintenance.

Our Role As A MANUFACTURER OF COMPUTER-ON-MODULES

Due to the wide range of applications and industries in which our embedded modules are integrated, KA-RO electronics supplies them without pre-installed software in order to ensure maximum flexibility and adaptability. Our Board Support Package (BSP) serves as a technical reference and development basis for customer-specific systems. It is not intended as a market-ready software product. As each application has individual requirements in terms of security and compliance, responsibility for meeting CRA and RED requirements lies with the respective entity placing the finalized device on the market.

• Secure Updates (OTA)
• Generating Software Bill of Materials (SBOM)
• CVE Management
• Secure Boot

The table below will help you to decide which guide to use, depending on the module you want to use. In this guides, the right BSP is written down, so you don’t have to worry about it.

Note

If you’re new to Yocto we recommend reading the before you continue choosing a guide.