Get ready for the EU Cyber Resilience Act!

The EU Cyber Resilience Act is a EU law that will be fully enforced in December 2027, with a first part being enforced already in September 2026. This new EU-wide legislation affects everyone selling (or having sold) products with digital elements on the EU market. The EU is forcing manufacturers to take more responsibility for the end-users cybersecurity resilience by including new requirements in the familiar CE marking – now applying to software as well as hardware.

The CRA will affect business models and processes

This regulation will change not only technical aspects of software development, but will also affect many business models as there is a responsibility to maintain the product during the product’s complete lifetime. Getting ready for the CRA is not a one-time certification, it’s a continuous process change that will have to be implemented by every manufacturer.

Attend the training to get a quick start!

Register today for the “Getting ready for the CRA” one day training class, performed by two leading experts in the field of application security and risk management. In this training, you will get a foundation to start the process within your company, to manage the change process and to set the platform for a new risk management process.

Agenda

• 9.00 – Registration
• 9.30-12.00 Part one
  • Introduction, health & safety
  • Start from the top: Five steps to get ready
  • CRA Requirements
  • Secure by design and secure by default
  • Tools for measuring your change process – getting ready
• Lunch
• 13.00-15.45 Part two
  • The central tool: SBOM, Software Bill of Materials
  • Assessing your product – the gap analysis
  • Due diligence of third party products – software supply chain
  • Vulnerability handling – From report to security update
• 15:45-16:00 Open discussion

Presenters

• Anthony Harrison, APH10, UK. Cofounder of SBOMEUROPE.EU
• Olle E. Johansson, Edvina AB, Sweden. Cofounder of SBOMEUROPE.EU

Anthony and Olle have many years of experience of teaching and experience in application security. Both teachers are active in OWASP, as well as forums like OpenSSF, Eclipse ORCWG and others.

Register for this unique one day training now!

Target audience

• Business project management and support functions (i.e. legal)
• Procurement
• Product management and development
• Security and risk professionals, including compliance officers

What you’re going to learn

• Understanding the basics of the Cyber Resilience Act
• The requirements on product lifecycle management and product security
• Setting the framework – assessing your risk level and your supply chain
• Analysing the gaps – finding out where your products are
• Understanding the importance of the Software Bill of Materials (SBOM)

Why you should register today

• Learn how to implement CRA in a collaborative way
• Understand the long term process change required
• Understand how to perform a gap analysis of your product range
• Get insights into the due diligence of the software supply chain
• Get your products ready in time for the CRA.

Keywords

• SBOM, Software Bill of Materials
• EU CyberSecurity framework
• SDLC, Secure Development Life Cycle
• Secure by design
• Secure by default