workshop
EU Cyber Resilience Act (CRA)
Overview
The EU Cyber Resilience Act (CRA) is landmark legislation that sets mandatory cybersecurity requirements for all Products with Digital Elements (PDEs) sold in the EU market. It applies to hardware and software, and requires manufacturers to embed security from the earliest design phase through the entire product lifecycle.
This one-day, on-site workshop provides a structured, practical introduction to CRA compliance, covering key topics such as applicability, economic operator roles, product criticality, and cybersecurity risk assessment.
Workshop format
The workshop combines an introduction to the EU regulatory framework with exercises, discussions, and practical tools that support CRA implementation and compliance activities.
Goal
After completing this workshop, participants will have a shared understanding of the legal obligations imposed by the EU Cyber Resilience Act and how these apply to their products and organisation.
The workshop can be tailored to your organization’s needs and may include topics such as:
• CRA policy background and regulatory drivers
• Product applicability assessment
• Economic operator roles and obligations
• Product classification as Default, Important (Class I/II), or Critical PDEs
• Cybersecurity risk assessment and risk scoring
• Secure-by-design principles across the product development lifecycle
Participants will gain sufficient knowledge and practical experience to lead or contribute to a CRA compliance programme immediately after the workshop.
Participants
The workshop is intended for companies that develop, manufacture, import, or distribute products with digital elements that are placed on the EU market.
As CRA compliance is a company-wide effort rather than an engineering-only activity, the workshop is relevant for stakeholders across engineering, product management, quality, cybersecurity, and regulatory functions.
The workshop is suitable for:
• Decision-makers and managers responsible for product strategy, compliance, quality, and business operations
• Development engineers working on connected products
• Security engineers and architects involved in product cybersecurity
Recommended group size
The workshop is designed for interactive discussions and practical exercises. We therefor recommend a minimum of 5 participants and a maximum of 10 participants.
Previous knowledge
No prior knowledge of EU cybersecurity regulation is required. It is beneficial if participants have a good understanding of company-wide processes.
Basic familiarity with the following is beneficial:
• Software or hardware product development
• General concepts of IT security or risk management
• Product lifecycle from design through to market release
Core workshop content
- CRA in the EU
- Applicability
- Economic Operator Role
- Product Criticality
- Risk Assessment
Optional extended content
- Compliance & Conformity
- Post-Market Monitoring
Summary
This workshop provides a practical introduction to the EU Cyber Resilience Act, structured around the four compliance steps every manufacturer must complete before placing a product on the EU market.
Through a combination of structured presentations and hands-on group exercises – with plenary debriefs at the whiteboard – participants gain a thorough understanding of key CRA concepts, from applicability and economic operator roles to product classification and cybersecurity risk assessment.
After completing the workshop, participants will be equipped to lead or contribute to a CRA compliance programme, supported by a set of ready-to-use templates. They will also understand the competitive opportunity: organisations that achieve early compliance gain market access advantages and a differentiated security credential in the EU market.
Ready to discuss your CRA journey?
Contact us to discuss an on-site workshop tailored to your organization.