Cyber Resilience Act

Are you ready for your new cybersecurity responsibilities?

The European Union has adopted a new regulation called the Cyber Resilience Act (CRA). Its aim is to ensure that digital products are secure against cyberattacks. 

If your company manufactures, develops, or supplies software, hardware, or smart devices, it is very likely that this regulation applies to you. 

Who is affected by the Cyber Resilience Act?



  • Software and Applications: companies developing software or applications
  • Hardware and IoT: manufacturers of hardware and smart devices (IoT)
  • Digital Solutions: providers of digital solutions
  • Products on the EU Market: companies placing technology products on the EU market

It doesn't matter how big the company is—these obligations may also apply to smaller manufacturers.

What will you need to address?

  • ensure that your products are secure by design
  • regularly fix security vulnerabilities
  • maintain an overview of risks and vulnerabilities
  • keep basic product security documentation
  • report serious security incidents

Failure to comply with these obligations may result in significant fines and damage to the company’s reputation.


CRA Timeline



  • 12/2024: CRA enters into force
  • 01/2025: Start of standardization
  • 09/2026: Mandatory reporting
  • 11/2026: Harmonized standards
  • 12/2027: Full applicability of the regulation

EU Implementing Regulation 2025/2392 sets out technical specifications for important and critical products.

How can BDO help you?


BDO can help you understand exactly what the Cyber Resilience Act means for you. 

We will help you: 

  • determine whether the regulation applies to you 
  • explain your obligations in plain language 
  • set up simple and effective procedures 
  • prepare the necessary documents 
  • align new obligations with other regulations (e.g., NIS2) 
  • assess whether both your company and its suppliers fall under the CRA (including a checklist for assessing suppliers).

Don’t expect complicated theories—we focus on practical solutions.

Why work with BDO?


01 We understand both cybersecurity and regulations

02 We speak the language of everyday business, not just IT 

03 We have experience from numerous projects in the Czech Republic and the EU

04 We help with actual implementation, not just paperwork 

The Cyber Resilience Act isn't just a requirement. It's an opportunity to boost customer confidence and enhance the security of your products.

Get ready in advance

Contact us to find out how the new requirements will affect your business.

Tomáš Kubíček

Partner, Digital Services • Advisory

Libor Šrám

Manager • Advisory