The Cyber Resilience Act (CRA) creates a uniform, high level of security for products with digital elements throughout the EU. Ignoring it is not an option: starting September 11, 2026, non-compliance will result in heavy fines and market bans.

Implementing the CRA is complex. Are you also facing these risks and challenges?

• Unclear CRA applicability for Swiss companies
• Increased compliance and documentation requirements
• Technical and organizational adjustments
• Impact on the supply chain

Unclear CRA applicability for Swiss companies

We clarify CRA applicability for Swiss companies by assessing the regulatory scope and classification of each product early, coordinating with EU distributors and customers, and conducting internal training on CRA requirements.

Increased compliance and documentation requirements

We cocreate a security roadmap, establish documented securebydesign and securebydefault processes, introduce lifecycle tooling for patch and update tracking (with SBOM practices where appropriate), and anchor clear responsibilities for security and compliance within the organization.

Technical and organizational adjustments

We integrate CRA security requirements into the Secure Development Lifecycle (SDL), schedule security reviews early, establish vulnerability handling and coordinated vulnerability disclosure (CVD), and coordinate collaboration with security experts and certification bodies.

Impact on the supply chain

We strengthen your supply chain by integrating CRA compliance clauses into supplier contracts, setting up regular supplier due diligence, audits and selfassessments, and developing alternative suppliers with verified compliance.