The European Cyber Resilience Act (CRA)

The new European Cyber Resilience Act (CRA) is currently being developed by the EU. The legislative process is still ongoing, with much left to be determined.

How can you prepare for this new legislation? Start by minimizing cyber risks now. We test, inspect, certify and train your organization, helping you improve your organization’s cyber resilience today.

The CRA ensures that digital products must meet strict cybersecurity requirements before being placed on the European market. Both consumers and business users need to trust that digital products - from digital doorbells to accounting software - are secure.

Responsibility lies with the manufacturer. Are you a manufacturer of digital products? You must ensure your products are secure. Additionally, you are required to provide free security updates throughout the product's lifetime and report any digital vulnerabilities or incidents to customers immediately.

The CRA is expected to apply to all manufacturers, regardless of the size of your company. This is a broader approach compared to NIS2L (Network and Information Security Directive), which only applies to medium and large companies. Every product with digital elements that you want to bring to market in the EU will need to comply with this.

✓ One-stop-shop: services for OT, IT, and IoT under one roof

✓ Independent, objective assessments

✓ Expertise in laws and regulations

✓ Proven quality in testing, inspection, certification and training

✓ Forward-looking vision on cybersecurity

Would you like to know more about this topic? Call us at +31 (0)88 998 33 70 or fill out the contact form. Our experts will be happy to help you!

Go to contact form

The latest news about cybersecurity

View all the news

23 April 2026

Strategic approach strengthens cybersecurity at Nij Smellinghe Hospital

Nij Smellinghe Hospital in Drachten places a strong emphasis on quality and safety and the field of information security and cybersecurity. What started with certification and audits has evolved into a strategic approach focused on continuous learning, joint thinking and ongoing improvement. In this video, employees of Nij Smellinghe explain how they experience the collaboration with Kiwa and what the strategic approach means in practice for healthcare, quality and cybersecurity.

2 April 2026

NIS2 in healthcare: building on the foundation of NEN 7510

With the introduction of NIS2, cybersecurity requirements across Europe are being significantly tightened. Rutger Fugers, cybersecurity expert at Kiwa, explains how NEN 7510 helps healthcare organizations comply with the new European requirements in a focused and demonstrable way.

Woman working at a desk with multiple computer monitors in a modern office.

17 March 2026

ISO 27001 makes the step toward NIS2 manageable and concrete

With the introduction of NIS2, European organizations are confronted with stricter obligations related to cybersecurity, ranging from risk management and incident response to supply chain responsibility and governance. For organizations that already operate in accordance with ISO/IEC 27001, a solid foundation is in place. Rutger Fugers, cybersecurity expert at Kiwa, explains how ISO 27001 helps organizations implement NIS2 in a practical and demonstrable way.

A woman working at a desk with multiple computer monitors in a modern office setting.

8 January 2026

ISO/IEC 27701:2025 published: updated privacy standard offers organizations more guidance

The international standard ISO/IEC 27701 for privacy information management has been fully revised. While the 2019 edition was still an extension to ISO/IEC 27001 and 27002, the new ISO/IEC 27701:2025 has evolved into an independent standard for establishing and maintaining a Privacy Information Management System (PIMS). This gives organizations a stronger and clearer framework for responsible privacy management within their information security and cybersecurity processes.