The Cyber Resilience Act by industry
The Cyber Resilience Act affects every sector differently — different product classes, duties and neighbouring regulation. These pages give technical-organizational orientation per sector (not legal advice).
Cyber Resilience Act for Machinery & Industrial Automation
The Cyber Resilience Act (Regulation (EU) 2024/2847) for machinery: deadlines to 11 Dec 2027, product classes, Machinery Regulation overlap, SBOM and a roadmap from Blackfort.
Cyber Resilience Act for Software & SaaS Makers
CRA for software and SaaS makers: standalone software is a product with digital elements and typically in scope, pure SaaS usually is not (NIS2). Duties, SBOM, deadlines to 11 Dec 2027 — technical-organisational orientation from Blackfort Technology, Bonn.
Cyber Resilience Act for IoT, Embedded & Smart Products
CRA orientation for makers of IoT, embedded and smart products: RED 2022/30 transition, product classes, duties, deadlines to 11 Dec 2027. Technical-organisational information, not legal advice.
Cyber Resilience Act and Medical Technology: the Scope Boundary
MDR/IVDR medical devices are excluded from the Cyber Resilience Act (Art. 2(2)) – wellness, fitness and hospital-IT software often are not. A decision structure for the boundary. Technical-organizational orientation, not legal advice.