Is your company ready for the Cyber Resilience Act? If you manufacture a digitally connected product, or integrate digital components into a device or product, the CRA will apply to you. The legislation sets out security requirements for products, maintenance and incident management, and as of 11 September 2026, companies that place a product on the European market will have to abide by the first round of obligations.

This means that if you are a manufacturer of an IoT device, a software developer or an integrator of connected devices, you may have less than a year to prepare for the CRA. For many SMEs, this means adapting internal processes and ensuring compliance throughout the product lifecycle. While the CRA brings new challenges, it also offers an opportunity to enhance security practices and increase trust in European products.

DIGITAL SME’s Working Group Cybersecurity and Data Protection has been following the legislation, and is pleased to invite DIGITAL SME members to an Info Session on 12 November 2025, from 11:00 to 12:30 CET, which will help SMEs understand what the CRA entails, what the regulation is, who it affects, and how companies can prepare.

Vittorio Bertola, Head of Policy & Innovation at Open-Xchange, will provide insights on the CRA and its implications for SMEs, while Rasmus Keller, Partner at Keller Law Firm, will address the potential conflicts between the CRA and existing IT contracts. The discussion will look at the main security and reporting requirements, explore different ways organisations can demonstrate readiness, and address the support available to help companies meet the new obligations.

The webinar is free of charge for DIGITAL SME members and partner organisations. Not yet a member? Check our membership options! The price for external organisations is € 99 (excl. VAT).