Cyber Resilience Act (CRA) Guide

Cyber Resilience Act (CRA)

The EU is raising the requirements for cybersecurity and software integrity for connected products with the Cyber Resilience Act (CRA) and the Radio Equipment Directive (RED). While the RED requirements have been mandatory since August 1, 2025, the CRA requirements will be introduced gradually over the coming years. The aim is to ensure the security of digital devices – covering everything from deployment and commissioning to updates and maintenance.

Our Role As A MANUFACTURER OF COMPUTER-ON-MODULES

Due to the wide range of applications and industries in which our embedded modules are integrated, KA-RO electronics supplies them without pre-installed software in order to ensure maximum flexibility and adaptability. Our Board Support Package (BSP) serves as a technical reference and development basis for customer-specific systems. It is not intended as a market-ready software product. As each application has individual requirements in terms of security and compliance, responsibility for meeting CRA and RED requirements lies with the respective entity placing the finalized device on the market.

• Secure Update
• Generating Software Bill of Materials (SBOM)
• CVE Management
• Secure Boot