Solutions for a connected future

Cyber Resilience Act Services

Protect Future Market Access for Connected Products
CRA deadlines

Deadlines are fixed. Preparation takes time

The CRA introduces phased obligations for manufacturers of products with digital elements. Early clarity helps teams plan evidence, assess product scope and prepare for upcoming obligations.

Take the CRA Scorecard

11 September 2026

80

Days remaining

Reporting obligations apply

Manufacturers must be ready to report actively exploited vulnerabilities and severe incidents within the required CRA timelines.

11 December 2027

536

Days remaining

Full CRA compliance required

Products with digital elements must meet CRA requirements, with the relevant conformity route, technical evidence and CE marking in place.

The Market Reality

CRA readiness starts with product-level clarity

Scope

Connected products, embedded software and remote update functionality can bring products into scope

Evidence

Compliance will depend on evidence: secure design, SBOM, vulnerability handling, update processes and technical documentation

Classification

Product classification influences the conformity assessment route, testing expectations and need for third-party involvement

Plan

Early clarity helps teams plan development, documentation and certification activity without disrupting launch timelines

CRA readiness journey

From uncertainty to a structured product-level view

The CRA is no longer a distant requirement. Manufacturers need to understand product scope, evidence requirements and conformity routes before deadlines affect market access.

Your 4 Steps to CRA Readiness

Product classification shapes the route

The conformity assessment route depends on how the product is classified under the CRA. A default product may follow a different pathway than an Important Class I, Important Class II or Critical product.

  • Default: Most products with digital elements.
  • Important Class I/II: Products with higher cybersecurity relevance or security functionality.
  • Critical: Products where high-assurance assessment routes may apply.

The conformity assessment route depends on how a product is classified under the CRA. Products classified as Default, Important or Critical may face different assessment requirements, documentation obligations and planning considerations.

Read our latest article on CRA assessment capacity and lab scarcity to learn why understanding your likely conformity assessment route early can help avoid delays later in the compliance process.

Why NMi

Independent assurance, grounded in product compliance

The NMi Blue Seal of Approval stands for trust earned through independent technical assessment.

For CRA readiness, that means combining regulatory interpretation, testing insight, cybersecurity expertise and conformity assessment experience into one clear route for manufacturers.

  • Product-level regulatory clarity: Understand scope, classification and obligations before they affect market access.
  • Technical evidence and testing insight: Connect cybersecurity requirements with real product design, documentation and validation activity.
  • Group expertise across the route: NMi Certin, NMi TESTLAB and TrustCB bring complementary expertise across compliance, testing and certification pathways.

How we support manufacturers

Practical support from first question to conformity readiness

  1. Understand: Clarify CRA applicability, product scope and likely classification.
  2. Prioritise: Identify products, evidence gaps and actions that need attention first.
  3. Prepare: Develop a practical roadmap for documentation, cybersecurity controls and technical file readiness.
  4. Validate: Connect readiness planning with testing, certification pathways and CRA conformity assessment expectations.

Next step

If your product includes software, firmware, connectivity, embedded software or remote update functionality, now is the time to define your CRA readiness path.

Start with the CRA Scorecard or speak with an NMi expert to clarify your product scope, timeline and next steps.

Dirk-Jan Schuld

Business Development Cybersecurity

WANT TO KNOW MORE?

Contact us!

+ 31 88 636 2232
cyber@nmi.nl

Are your prepared for the EU Cyber Resilience Act (CRA)?

Assess your product’s likely CRA relevance and cybersecurity readiness

Product cybersecurity compliance

Explore NMi Group capabilities for connected products.

Testing and validation

Understand how product-level cybersecurity resilience can be assessed.

Special

A GREAT PARTNER IS NOT HARD TO FIND!

Knowledge through experience.

NMi has a long good worldwide reputation due to hard work, dedication and good customer service. We guide our clients, help them and learn from each other. Every market is different and every service needs to be approached in another way.

Sharing our knowledge

NMi Academy

  • All
  • Downloads
  • Webinars
  • Whitepapers
STAY INFORMED

SUBSCRIBE TO KNOWLEDGE CENTER

Cookies

This website uses cookies. A cookie is a simple small file that is sent along with pages from this website [and / or Flash applications] and is stored by the browser on the computer's hard drive. The information stored therein can be sent back to the servers on a subsequent visit.

This website uses functional and analytical cookies. These cookies are used to improve the user experience and to gain insight into visitor statistics. Cookies can be deleted via the browser settings.