The EU Cyber Resilience Act (CRA) introduces mandatory cybersecurity requirements for all digital products sold in Europe. Whether you're developing hardware, firmware, or software, compliance is essential to market access and customer trust.


Keysight helps you achieve CRA compliance efficiently — minimizing risk and streamlining certification, so that you can keep bringing secure, innovative products to market.

Industry-Recognized Security Evaluation and Advisory Services

We guide you through every stage of CRA product security evaluation, documentation, and compliance. With tailored support, we work with your team to streamline approvals and manage the complete security lifecycle of your product.

Product Classification and Risk Assessment

Determine your product’s category (Default, Class I, Class II) and define the relevant threat and risk profile (TARA).

Compliance Assessment and Documentation

Review your current development practices against CRA requirements and receive a prioritized remediation plan. Get expert support in preparing technical documentation for CRA submission.

Security Testing and Product Hardening

Validate product resilience through security testing, including penetration testing, fuzzing, and vulnerability analysis. Strengthen product security with targeted hardening strategies.

Certification Strategy

Gain clarity on security certification requirements for your product. Align CRA activities with other standards like SESIP, IEC 62443, and RED to streamline certification efforts and reduce duplication.

Working with Keysight

We help you meet EU Cyber Resilience Act requirements with minimal disruption.

Minimize Risk, Stay on Track

Address security gaps early to reduce future threats and avoid development delays.

Streamline Documentation

Get expert support to efficiently compile technical files and meet CRA reporting requirements.

Simplify CRA Compliance

Integrate CRA with other certifications under one streamlined roadmap to save time and resources. Leverage Keysight’s global security expertise and recognized accreditations.

Frequently Asked Questions

Products with Digital Elements (PDEs), including software, firmware, cloud systems, and SDKs.

Yes, if they’re likely to be used in a connected context. For example, USB sticks are not connected out of the box but contain firmware and are meant to be connected. Similarly, smart TVs contain embedded firmware and network capability.

Yes. Standalone software is explicitly covered, even if it’s not pre-installed on hardware.

  • In force: 12 Nov 2024
  • Vulnerability and incident reporting begins: 12 Nov 2025
  • Full compliance applies: 11 Dec 2027

Yes, if still being sold or updated after 11 Dec 2027.

The CRA impacts a broad range of stakeholders involved in the design, development, and distribution of products with digital elements: manufacturers, authorized representatives, importers, distributors, software developers, and startups.

Risk assessments, implementing secure-by-design, vulnerability handling, conformity assessments, technical documentation, and updates.

TARA results, SBOM, update strategy, conformity details, and vulnerability procedures.

Varies by risk category: self-assessment for low risk, Notified Body for higher risk.

Partially—they help, but don’t automatically fulfill all CRA obligations.

A Notified Body, an independent third-party organization designated by an EU Member State, provides an independent evaluation for Important II and Critical products. Notified Bodies must be accredited and listed in the NANDO (New Approach Notified and Designated Organizations) database.

Manufacturers of lower-risk products (Default or Important Class I) usually don’t need a Notified Body unless they opt for third-party assessment.

You risk fines, product bans, and reputational harm, and you can’t apply the CE mark. Fines and enforcement actions may vary depending on the severity of the breach.

Compliance is required for CE marking of digital products in the EU.

Yes—they must appoint an authorized representative established in the EU and fully meet CRA requirements before market placement.

Start by classifying your product (Default, Important, or Critical), as this defines whether you need a self-assessment or a Notified Body. Conduct a gap analysis to check your current security and compliance against CRA requirements, including secure design, risk management, and documentation. Then, build a roadmap with clear responsibilities and timelines. Use readiness tools like SBOM generators, risk templates, SDL checklists, and training resources. Keysight supports you every step of the way, from product scoping to CE marking, helping you stay compliant without slowing innovation or time-to-market.
