In this talk, we highlight the Cyber Resilience Act (CRA) enacted by the European Union. The CRA applies to manufacturers of products with digital elements and establishes a common baseline level of IT security across all products. With the CRA, mandatory security requirements apply to products that are not yet covered by (usually stricter) sector-specific regulation, as we know it from, e.g., the aerospace industry or healthcare devices. This makes the CRA a highly relevant topic, especially for companies that do not yet have experience with security regulation: industrial machines ("shopfloor hardware"), for example, are now affected for the first time. The same applies to smaller companies, e.g., SMEs working on mobile apps.
The CRA provides procedural as well as technical requir ...