Reduce CRA compliancecost by 70%
The all-in-one platform for companies building products with digital elements to achieve EU CRA compliance. Manage products, track vulnerabilities, assess suppliers, and keep your team aligned with real-time alerts.
* Based on comparative cost analysis of manual vs. platform-assisted CRA compliance. See full methodology · Calculate your savings
Products
6
Assess.
0
Vulns
2
Issues
0
Assessment
Where does your organization stand?
No structured approach yet?
- No dedicated CRA owner or cross-functional team in place
- No SBOM generation or management process established
- No systematic vulnerability monitoring across products
- CRA compliance not yet on the product development roadmap
- Products with digital elements sold in the EU without a compliance strategy
Compliance processes too resource-intensive?
- SBOM inventory managed manually in spreadsheets
- Vulnerability research and tracking without automation
- Compliance evidence distributed across departments and file systems
- No single source of truth for organization-wide CRA status
- Multiple disconnected tools without a unified compliance workflow
Features
Everything you need for CRA compliance
From product inventory to customer communication—one unified platform for complete EU Cyber Resilience Act compliance.
Product Inventory
Manage hundreds of product variants with parent-child hierarchies, CRA classification wizard, and per-product compliance tracking. Replaces scattered spreadsheets with one structured inventory.
SBOM Management
Import and manage SBOMs in CycloneDX 1.4/1.5 and SPDX 2.3 formats — the two standards required by the CRA. Drag-and-drop upload with automatic format detection, full dependency visualization across 30+ ecosystems, and CI/CD integration via GitHub Actions.
Vulnerability Tracking
Automated matching against NVD and OSV databases with per-severity SLA tracking. Meet the CRA Article 14 ENISA 24-hour reporting deadline with pre-built notification workflows.
Compliance Dashboard
Real-time compliance status across your entire product portfolio. Track all 8 CRA Annex I essential requirements per product with automatic progress calculation, SLA monitoring, and assessment overview.
Evidence & Reports
One-click audit packages with timestamped evidence trails, digital signatures, and compliance timeline charts. Cuts audit preparation from 40 hours to under 4 hours per product reassessment.
Vendor & Customer Portal
Assess supplier CRA readiness, collect and validate vendor SBOMs, and publish CSAF security advisories through branded customer portals. Full supply chain transparency in one view.
Industries
Built for your industry
Whether industrial machinery, IoT, software, or smart home — the CRA affects companies across all sectors. Kunnus understands the specific challenges of your industry.
How It Works
From zero to compliant in four steps
Import Your Products
Upload your product inventory via CSV or connect to your existing PLM system. Kunnus automatically detects digital elements.
Classify & Assess
Our guided wizard walks you through CRA product classification. Get instant gap analysis against compliance requirements.
Collect Evidence
Upload documents manually or connect CI/CD pipelines for automated evidence collection. Link evidence to specific controls.
Generate Reports
One-click self-assessment reports with digital signatures. Export audit packages for third-party assessments.
What is the EU Cyber Resilience Act?
The EU Cyber Resilience Act (CRA) is the first horizontal European regulation that mandates cybersecurity requirements for all products with digital elements sold in the EU market. Effective from December 2027, the CRA affects manufacturers, importers, and distributors of hardware and software products — from industrial machinery and IoT devices to standalone software applications.
Companies must demonstrate security-by-design, create and maintain Software Bills of Materials (SBOMs), implement continuous vulnerability monitoring, report actively exploited vulnerabilities to ENISA within 24 hours, and provide security updates throughout the expected product lifecycle.
Non-compliance can result in fines of up to 15 million euros or 2.5% of global annual turnover.
Kunnus is the all-in-one CRA compliance platform that automates these requirements: centralized product inventory management, automated SBOM generation, real-time vulnerability tracking against CVE databases, pre-built control templates mapped to CRA requirements, and one-click audit documentation. Whether you're a manufacturer of industrial automation equipment, an IoT device maker, or a software company — Kunnus reduces CRA compliance cost by over 70% and accelerates audit readiness by 10x compared to manual processes (based on comparative cost analysis of 0.5–6 FTE manual teams vs. platform-assisted workflows; see full methodology at kunnus.tech/methodology).
Learn More
CRA Compliance: Knowledge & Guides
CRA Countdown: Your 2026–2027 Compliance Roadmap
Key milestones, SME challenges, and how to meet the September 2026 reporting deadline.
Read morePractical Steps for OEMs to Achieve CRA Compliance
A 5-step implementation roadmap from product inventory to audit-ready documentation.
Read moreWhy Manual CRA Compliance Fails
Scaling challenges and why spreadsheets can't handle CRA at enterprise scale.
Read moreThe CRA will reshape how manufacturers bring products to market. We built Kunnus so they can focus on building great products and not on compliance paperwork.
Waldemar Kindler
CEO, Think Ahead Technologies GmbH
Ready to simplify your
CRA compliance journey?
Achieve CRA compliance faster and more cost-effectively with Kunnus.