Status of CRA standardization by committees only at 25%
Wachendorff Prozesstechnik informs you
We provide proactive, transparent and continuous information as soon as relevant news is available.
Status: February 2026
Why the CRA is coming:
A ransomware attack occurs every 11 seconds worldwide. The resulting damage runs into the billions every year. To counteract this, the EU Parliament passed the Cyber Resilience Act (CRA) in October 2024.
From December 11, 2027, new products with digital components must meet the CRA requirements. The deadline for manufacturers to fully implement all requirements ends on this date.
The CRA obliges manufacturers, among other things, to:
- ensure cyber security throughout the entire product life cycle
- continuously rectify known vulnerabilities
- document clear security processes
- comply with technical standards
Products without CRA conformity can no longer bear the CE marking and may therefore no longer be sold in Europe.

*CABs = Conformity Assessment Bodies
Source: https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Cyber_Resilience_Act/cyber_resilience_act_node.html
State of regulation:
- The BSI has announced that it will become the market surveillance authority for the CRA in Germany.
Source: https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2025/251007_CRA_BSI_marktueberwachende_Behoerde.html
- The scope of the CRA is very comprehensive and affects almost all products with digital components.
- European standardization is currently only around 25% of the way to the target - industrial standards in particular are still in draft form.
Source: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CRA/Dashboard_CRA.pdf?__blob=publicationFile&v=5
As many requirements have not yet been finally defined, no supplier can currently reliably confirm full CRA conformity.
What Wachendorff Automation is already doing:
We prepare our products well in advance to meet the CRA’s requirements. To this end, we work closely with our technology partners and suppliers and are gradually adapting our internal development and security processes.
Technical preparation of our products
- Analysis of all digital components in our products, for example encoders (firmware, interfaces, update processes)
- Establishment of secure software and firmware lifecycles, including vulnerability management
- Preparation for future disclosure requirements such as SBOMs
Transparent communication
- As standardisation is currently only about 25% complete, it is not yet possible to make definitive statements regarding compliance.
- We will provide proactive and ongoing updates as soon as binding requirements are published.
Why we are currently unable to make any detailed statements:
As standardization is still in progress (currently approx. 25%), many technical requirements only exist as drafts.
Therefore, like all market participants, we can currently only make the necessary preparations, but cannot issue final declarations of conformity.
As soon as binding requirements are published, we will inform you immediately.
Please refrain from making individual inquiries:
Due to the large number of queries and the currently still limited level of detail of the legal requirements, we would kindly ask you to refrain from making individual inquiries.
We provide information proactively, transparently and on an ongoing basis as soon as relevant news is available.
Further information:
- BSI overview page CRA:
https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Cyber_Resilience_Act/cyber_resilience_act_node.html
- CRA simply explained (BSI):
https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Technologien_sicher_gestalten/CRA-einfach-erklaert/cra-einfach-erklaert_node.html
- EU information on the CRA:
https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act








