Blackfort TechnologyBlackfort Technology

The Cyber Resilience Act by industry

The Cyber Resilience Act affects every sector differently — different product classes, duties and neighbouring regulation. These pages give technical-organizational orientation per sector (not legal advice).

Cyber Resilience Act for Machinery & Industrial Automation

The Cyber Resilience Act (Regulation (EU) 2024/2847) for machinery: deadlines to 11 Dec 2027, product classes, Machinery Regulation overlap, SBOM and a roadmap from Blackfort.

Cyber Resilience Act for Software & SaaS Makers

CRA for software and SaaS makers: standalone software is a product with digital elements and typically in scope, pure SaaS usually is not (NIS2). Duties, SBOM, deadlines to 11 Dec 2027 — technical-organisational orientation from Blackfort Technology, Bonn.

Cyber Resilience Act for IoT, Embedded & Smart Products

CRA orientation for makers of IoT, embedded and smart products: RED 2022/30 transition, product classes, duties, deadlines to 11 Dec 2027. Technical-organisational information, not legal advice.

Cyber Resilience Act and Medical Technology: the Scope Boundary

MDR/IVDR medical devices are excluded from the Cyber Resilience Act (Art. 2(2)) – wellness, fitness and hospital-IT software often are not. A decision structure for the boundary. Technical-organizational orientation, not legal advice.

The content on this website provides general technical and organizational information on the Cyber Resilience Act (Regulation (EU) 2024/2847) and does not constitute legal advice. Blackfort Technology provides technical/organizational IT-security and compliance consulting, not legal services.