
Cyber Resilience Act (CRA)

Cybersecurity is one of the most significant challenges currently facing European industry, and connected products still lack standardized cybersecurity requirements. For this reason, the Cyber Resilience Act will enter into force on December 11, 2027. It mandates cybersecurity requirements for all products that process digital data or can be connected to other digital products. The goal is to increase the security level of IT systems and components.

Which products are affected by the CRA?

The CRA applies to hardware and software products alike. The mere capability for digital data exchange is sufficient for a product to fall under its scope. Manufacturers, distributors, and importers are responsible for ensuring compliance with the CRA. All products placed on the market in the EU must comply with the CRA, regardless of the country of manufacture. Furthermore, it is irrelevant when the product was developed or which industry it belongs to.

What are the core requirements of the CRA?

The CRA requires Security by Design: manufacturers and developers must implement processes during the design, development, and vulnerability management phases that minimize cybersecurity risks from the outset. Cybersecurity risks must be assessed and documented, and the necessary actions are derived from this risk assessment.

During ongoing operation, vulnerability management is required to identify, eliminate, and communicate security gaps throughout a defined support period.

At Baumüller, the CRA affects b maXX servo drives, all control platforms and HMIs, software products, and motors with digital encoders.

As a manufacturer of products with digital elements, we will implement the following steps starting in December 2027 to meet CRA requirements:

Security by Design & Default

  • We integrate cybersecurity into the development process from the very beginning.

Risk Assessment and Management

  • We perform systematic risk analyses.
  • We document how risks were minimized and security requirements were met.

Technical Documentation & Compliance

  • We create technical documentation and EU Declarations of Conformity for the relevant products.
  • We implement the corresponding conformity assessment procedures.
  • We provide an SBOM.
  • We mark our products with the CE mark.

Security Updates & Support

  • We offer security updates for the entire service life of the product.
  • Our ongoing support makes it possible to mitigate vulnerabilities.

Vulnerability Management

  • We are implementing a process for detecting and reporting security gaps.

Where can I get more information?

If you’d like to stay informed about all the latest news from our company regarding the Cyber Resilience Act, please sign up for our CRA newsletter.
