Are you ready for the
Cyber Resilience Act?
4 steps, 5 minutes. Identify your obligations, measure your maturity, and get a personalized action plan — instantly.
Your market role
Tip: if you have the product designed and sell it under your brand, you are a Manufacturer, even without a factory.
Product scope
✅ YES: smartwatch, IP camera, mobile app with back-end, IoT sensor, SaaS API
❌ NO: static PDF document, 100% offline software with no network interface
Examples: MDR / IVDR (medical) · EASA (aviation) · Vehicle type-approval · Defence equipment
Class I: residential gateways, web browsers, antivirus, password managers, VPNs, wearables
Class II: industrial OS, secure microprocessors, smart cards, TPMs, critical industrial routers
Default: all others — smart TVs, connected toys, consumer applications…
Life cycle & support
Caution: paid support, SaaS, or a component embedded in a sold product = CRA applies.
Your security maturity
Honestly evaluate your current level on each of the 10 key CRA requirements.
Product out of CRA scope
Your product has no digital connectivity and therefore does not fall within the scope of the Cyber Resilience Act (Art. 2 §1 & Art. 3 §1).
Total sectoral exclusion
Your product is fully covered by a specific EU sectoral regulation (MDR, EASA, vehicle type-approval…) — total exclusion from the CRA (Art. 2 §2).
Non-commercial Open Source
Open source software developed entirely outside any commercial activity is excluded from the Cyber Resilience Act scope (Art. 3 §14a).