Cyber Resilience Act (CRA) - vdma.eu
Cyber Resilience Act (CRA)
Current information, assistance and documents
The CRA sets binding requirements for the IT security of products with digital elements – i.e. products and software that have interfaces.
The obligations to provide updates and support to maintain resilience distinguish the CRA from other CE marking regulations.
shutterstock
exklusiv
The VDMA regulation cockpit offers compact factsheets on the most important regulations for the mechanical and plant engineering industry - comprehensible, practical and at a glance. You will find out which sectors are affected, what the timetable looks like, where there is a need for action and what sanctions are to be expected. A valuable guide for all companies that want to prepare for the new requirements at an early stage.
Factsheet: Cyber Resilience Act
Impact on mechanical and plant engineering in conjunction with electrical automation
Recommended action for supplier self-disclosure Cyber Resilience Act (CRA)
The Cyber Resilience Act (CRA) will bring significant changes for most machine and plant manufacturers as early as 2026. What do you need to consider when preparing for the upcoming deadlines for your own products and components?
The Cyber Resilience Act (CRA) affects many products and components in mechanical engineering. The regulation will take effect as early as 2026 and many companies are not yet prepared for it.
The CRA fundamentally changes the security requirements in mechanical engineering. What obligations will manufacturers now face and how should companies prepare for them? However, the CRA is not just a regulation, but above all an opportunity.
Update! The Cyber Resilience Act (CRA) entered into force on december 11th 2024. The VDMA has compiled a new version of the FAQ document to provide support and non-binding guidance to its members.
New requirements apply to products with digital components. Manufacturers must now ensure cyber security throughout the entire product life cycle - even for integrated software! An update on responsibilities and deadlines.
The European Union's Cyber Resilience Act affects many products and components in the mechanical engineering sector. Companies should quickly identify the extent to which they are affected and take measures to ensure compliance and product security.
Important questions on this topic
Events
8. Meeting of the Cyber Resilience Act (CRA) working group
Cyberattacks on industrial companies have been on the rise for years—often with severe consequences for production, competitiveness, and reputation. For the mechanical and plant engineering sector, there is an additional factor: highly automated production environments, connected machinery, IoT services, and digital business models are expanding the attack surface for cyber threats across the entire product life cycle. At the same time, regulatory requirements for corporate cyber resilience are increasing within the EU. For VDMA members, this means that Industrial Security and Product Security must be embedded in a structured, standards-based, and auditable manner across the organization, development, operations, and service. Given the sometimes enormous losses caused by cyber incidents, cyber insurance is also becoming increasingly relevant for companies. Against this backdrop, VDMA Austria is hosting a full-day peer exchange on Industrial & Product Security on 5 March 2026. The event will take place at Beckhoff Automation in Vienna, and we cordially invite you to attend.
9. Meeting of the Cyber Resilience Act (CRA) working group
Join us for a day dedicated to networking and collaboration at the VDMA Headquarters. Connect with industry peers, engage with VDMA experts, and meet our international representatives from across Europe and worldwide.
Exclusively for VDMA members
Register now and read more
Don't have an account?
If your company is already a VDMA member, you can register easily.
Do you not know whether your company is already a member? Take a look at our member list and find out.
Are you interested in becoming a VDMA member?
