This site has limited support for your browser. We recommend switching to Edge, Chrome, Safari, or Firefox.

Cart 0

No more products available for purchase

Products
Pair with
Add order notes
Subtotal Free
Shipping, taxes, and discount codes are calculated at checkout

Your Cart is Empty

Cyber Resilience Act (CRA)

Is your product and organization ready?

RISK ANALYSIS & CRA CLASSIFICATION SERVICE

Unsure how CRA affects your products?

If you develop, sell, or distribute digital products in the EU, the Cyber Resilience Act may apply to you.
Our Risk Analysis & CRA Classification Service helps you quickly understand whether your products are affected, where your main risks are, and what to prioritize next.

What you get:
• Clear overview of CRA applicability
• Identified risks and compliance gaps
• Prioritized next steps

read more and contact us
About Cyber Resilience Act (CRA)

What is CRA?

The Cyber Resilience Act (CRA) is a new EU regulation setting mandatory cybersecurity requirements for digital products, including software and connected devices, to ensure they are secure throughout their lifecycle.

When does it come into effect?

The CRA requirements will become mandatory from 2026, giving organizations time to assess and improve their product security.

Why is it being introduced?

CRA aims to protect users and organizations from cybersecurity risks, reduce vulnerabilities, and create a consistent security standard across the EU for digital products.

Who is affected by CRA?

Manufacturers, distributors, and developers of digital products sold or used in the EU are affected, especially those offering connected devices or software with potential security risks.

How we help you with CRA

If your products are affected by the EU Cyber Resilience Act, Nohau offers end-to-end services to identify risks, classify your products, and ensure compliance.

For decades, Nohau has supported organizations in regulated and safety-critical industries such as automotive, aerospace, defense, and industrial systems. With the Cyber Resilience Act, the level of cybersecurity that was previously expected mainly in these sectors will now require compliance for all digital products placed on the EU market.

Nohau provides expert services along with proven tools and solutions, supporting organizations throughout the entire CRA compliance journey. We help you establish the right processes, implement the right technologies, and apply the right methodologies - from risk analysis and classification to secure development, documentation, testing, and compliance.

Our CRA services and solutions

Risk Management

SAST & SBOM (Code Sonar & CodeSentry)
Identify code vulnerabilities early and create an inventory of third-party components; critical for both CRA’s product risk assessment and NIS2’s organizational risk management.

Cantata
Unit testing verifies components behave as intended, reducing the risk of unknown vulnerabilities in both internal systems (NIS2) and products (CRA).

Courses (NIS2 & CRA)
Provide staff and management with skills to conduct risk analyses and understand regulatory expectations.





Incident Management

Tracealyzer & TRACE32

Offer deep insights into runtime behavior of embedded systems, helping detect anomalies and investigate the root cause of incidents. Instrumental for meeting NIS2’s requirement for rapid detection and analysis.

Security by Design

Segger Secure Boot & emSecure

Ensure only authenticated firmware runs on devices, aligning with CRA’s secure-by-design requirements.

SeggeremCrypt/emSSL/emSSH
Enable secure communication and data protection directly in the product.

Cantata
Validates secure implementation of critical components during development.

Cryptera
Secure handling of encryption keys.

Courses
Train developers to integrate security principles from the start, as required by CRA.





Documentation & SBOM

SBOM (CodeSentry)
Generate comprehensive software bills of materials, a mandatory part of CRA’s
technical documentation.

SAST reports (CodeSonar) & coverage (Cantata)
Provide proof of secure development, essential for CE marking and for demonstrating due diligence in NIS2 regulated supply chains.

Course
“Introcution to Product & System Cybersecurity”





Secure Coding & Testing

SAST (CodeSonar)
Finds security flaws during coding, aligning with best practices required by
both standards.

Unit Test (Cantata)
Proves code correctness and increases confidence in the security of embedded applications.

Secure C/C++ Development (course)
Teaches developers how to write secure, standards-compliant code for embedded systems.

Cybersecurity for Businesses (course)
Introductory course teaching how to prepare for the regulations and understanding the security risks.

Competence & Training

Risk analysis

NIS2 Compliance
Learn more about things relevant for NIS2 (Secure Development, ISO 21434, IEC62443 etc) from various courses.

CRA courses:

  • CRA for Embedded Systems
  • Secure C/C++ Development
  • Secure Embedded Linux
  • Introduction to Product & System Cybersecurity
  • Introduction to ISO/SAE 21434 Road Vehicles Cybersecurity





Secure Communication & Boot

Segger Secure Boot
Prevents unauthorized firmware, key for CRA’s secure update requirement.

Cryptera
Secure handling of encryption keys to ensure software integrity.

SeggeremCrypt/emSSL/emSSH
Provide cryptographic functions and secure communication protocols; directly support CRA’s secure-by-design mandates.





CONTACT US

Andreas Dyrhed

Nohau Sweden

Contact

Klaus Ahrensbach

Nohau Denmark

contact

Heidi Lehtomäki

Nohau Finland & Baltics

contact