Cyber Resilience Act

Cyber Resilience Act

Using the Cyber Resilience Act for competitive advantage

In an increasingly connected world, cyber threats to both consumers and businesses are on the rise. To ensure that fewer products with vulnerabilities are brought to market in the future, the European Union aims to make the cyber security of products recognisable to the user. The corresponding requirements are defined by the Cyber Resilience Act (CRA), which will probably come into force throughout the EU at the end of 2023. With its introduction, companies face the challenge of adapting to strict regulations and standards.

However, the landmark law does not only bring challenges, but also opens up a multitude of opportunities: companies that adapt to the requirements of the CRA in good time can gain a competitive advantage, strengthen the trust of their customers and protect their corporate assets. As a leading management consultancy, we help companies develop and implement strategies to strengthen their cyber resilience. In doing so, we bring our strengths from several disciplines: strategic product planning, innovative product development, efficient production processes and cyber security. Our holistic approach enables us to prepare you early for the EU-wide Cyber Resilience Act and make your company future-proof.

Motivation of the European Union
  • Put fewer products with weaknesses on the European market
  • Enable users to consider cybersecurity in product selection and use
Impacts on companies
  • All manufacturers of products with "digital elements" on the European market are affected
  • Includes all products in development, in production and those already on the market
  • Violations can result in fines of up to 15 million euros or 2.5% of global turnover.
  • Excluding manufacturers of medical devices, aircraft or automobiles (already regulated elsewhere)

The obligations under the Cyber Resilience Act

Responsibility for cyber security for the entire product life cycle - from planning to phasing out

Risk assessments for products and documentation of the risks up to the approval of the products by review bodies

Effective vulnerability management for all products on the market, for their respective expected product lifetimes

Clear and understandable application for the end users for the safe operation of the products

Reporting vulnerabilities and security incidents to the European Security Agency ENISA

Provide free security updates

Unsere Consulting Services für den Cyber Resilience Act

Ihre Mehrwerte des Cyber Resilience Acts sind die Sicherung des Wettbewerbs, die Minimierung von Cyberrisiken im Produkt und die Compliance zu EU-Gesetzen. Wir helfen Ihnen bei der Entwicklung und Umsetzung Ihrer Cyber Resilience.

Bestandsaufnahme und CRA-Readiness
  • Analyse des Produktportfolios
  • Abdeckungsgrad CRA-Anforderungen
  • Risikoanalyse eines repräsentativen Produkts
  • Gap-Analyse der produktbezogenen Cyber Security-Fähigkeiten
Nachhaltiges Resilience Konzept
  • Empfohlene Umsetzungsstrategie, angewandt auf die Produkte
  • Sicherer Produktlebenszyklus (Prozess, Organisation, Governance, …)
  • Robuste Entwicklungs-Toolchain
Transformationsplanung und Umsetzungsbegleitung
  • Business Case
  • Sofortmaßnahmen zur Erhöhung der Produktsicherheit bestehender Produkte
  • Masterplan of Action
  • Umsetzungsbegleitung ausgewählter Produkte

Our Consulting Services for the Cyber Resilience Act

Your added values of the Cyber Resilience Act are securing competition, minimising cyber risks in the product and compliance with EU laws. We help you develop and implement your cyber resilience.

Inventory and CRA Readiness
  • Analysis of the product portfolio
  • Coverage of CRA requirements
  • Risk analysis of a representative product
  • Gap analysis of product-related cyber security capabilities
Sustainable Resilience Concept
  • Recommended implementation strategy applied to the products
  • Safe product life cycle (process, organisation, governance, ...)
  • Robust development toolchain
Transformation planning and implementation support
  • Business Case
  • Immediate measures to increase the product safety of existing products
  • Masterplan of Action
  • Implementation support for selected products

Warum UNITY?

>25 Jahre Strategie- und Umsetzungskompetenz in der Produktionsentwicklung

Ausgezeichnete Beratung in der Cybersicherheit

Entwicklungskompetenz in der UNITY Innovation Alliance: Sichere Embedded-Entwicklung durch Smart Mechatronics


>25 years of strategy and implementation expertise in production development

Excellent Cyber Security consulting

Development expertise in the UNITY Innovation Alliance: Safe embedded development through Smart Mechatronics

Make an appointment with our experts

Depending on the topic, we provide you with the right experts. Select your preferred date from our calendar and discuss your concerns with our experts by phone or via Microsoft Teams without any obligation. We look forward to getting to know you!

Book an appointment

Kennen Sie schon Smart Mechatronics?

Entwicklungspartner für intelligente, vernetzte Systeme

Unser Mitgliedsunternehmen der UNITY Innovation Alliance, Smart Mechatronics, ist Entwicklungspartner für intelligente, vernetzte Systeme, wie sie in modernen ­Fahrzeugen, Häusern oder Medizingeräten etc. zu finden sind. Mit Begeisterung und erforderlichem Know-how berät, entwickelt und unterstützt Smart Kunden in ihren ­Produktentwicklungsprozessen oder als Entwicklungspartner in ihrer Produktentwicklung im täglichen Projektgeschäft.

Mehr erfahren!

Your contacts

Michael Happ

Head of Cyber Security

Cologne, Germany
Contact us

Dr. Michael Herbst

Partner, Head of Business Area

Cologne, Germany
Contact us