The European Cyber Resilience Act (CRA), which came into force in December 2024, creates a uniform legal framework for strengthening the cybersecurity of products with digital elements. Due to their use of networked controls, sensors, and software components, machine tools also fall within the scope of the CRA. This talk explains the key requirements of the CRA, particularly with regard to security by design, risk analysis, (software) bill of materials, and vulnerability management. Using industry-specific examples, potential challenges for manufacturers and suppliers in the machine tool industry are highlighted and practical approaches for timely preparation for implementation obligations are discussed.