With its Cyber Resilience Act (CRA), the EU will in future require manufacturers to guarantee the IT security of products with digital elements. Once the CRA comes into force, which is expected to be in 2024, they will have a maximum of 36 months to demonstrate that their products comply with the new standard. However, due to complex architecture designs and the use of third-party components, assessing the need for action in concrete terms is a challenge.

The Fraunhofer Institute for Applied and Integrated Security AISEC is conducting research into automated compliance testing of software components with Confirmate. The tool will help to automatically assess compliance with the CRA and determine the ind ...