CRA Friday Facts: Beta Releases Are Not Banned, They Are Regulated
Can you still ship beta software under the CRA? Yes, Article 19 allows it under two clear conditions. What manufacturers need to know.
CRA vs Product Liability Directive: How the Two EU Laws Interact for Software Manufacturers
The EU Cyber Resilience Act and the revised Product Liability Directive (PLD) both target software-bearing products — but with very different mechanisms. Here is what manufacturers need to know about the overlap.
EU CRA Compliance for Machinery: A Step-by-Step Guide for Industrial OEMs
A practical, step-by-step guide for industrial machinery OEMs to achieve EU Cyber Resilience Act compliance — from product inventory to notified body engagement and ongoing SBOM management.
EU CRA Compliance Across Multiple Product Variants: A Platform Strategy for Manufacturers
When your portfolio has 50, 100, or 500 product variants, EU CRA compliance breaks every spreadsheet. Here is the platform strategy that keeps multi-product manufacturers compliant without exponential overhead.
CRA Friday Facts: Cybersecurity Protects People, Not Just Data
Why connected toys, baby monitors, and health wearables count as important products class I, and what that means for manufacturers.
CRA Friday Facts: Machinery Regulation and CRA, Two Duties, One Opportunity
Machinery Regulation certified ≠ CRA compliant. Why robot manufacturers must meet both frameworks and where the real synergies lie.
CRA Friday Facts: Product End-of-Life Is Not the Finish Line
Discontinuing a product does not get you out of the CRA. Information duties, documentation retention, and secure data deletion guidance carry on.
CRA Friday Facts: Collective Redress, Manufacturers in the Crosshairs
The CRA gives consumer protection organisations the right to sue manufacturers directly. Why regulators are not the only enforcement layer, and what that means in practice.
Per-Unit Alarm: Why Inventory Manufactured in 2026 Becomes a CRA Compliance Risk in 2028
The EU CRA applies per individual unit at the moment of placing on the market. For Swiss manufacturers with 12 to 24 month inventory cycles, every serial number needs its own up-to-date patch status.
CRA Friday Facts: No Grandfathering, the Production Date Doesn't Count
There is no CRA grandfathering by production date. What counts is placing on the market, the day a unit actually reaches the EU market.
CRA Friday Facts: Why Your Supplier Can't Shield You From Liability
The CRA knows no liability delegation. Whoever places the product on the market is liable, even if suppliers develop and manufacture it.
CRA Friday Facts: Why SMEs Are Fully Affected Too
The CRA applies to every manufacturer with digital elements, 8 employees or 17,000. SME relief reduces bureaucracy, not the security standard.
CRA Friday Facts: CE Marking Done. Compliance Is an Ongoing Obligation
The CRA makes cybersecurity a continuous obligation. Without ongoing monitoring, documentation, and updates, conformity is lost, even after the EU declaration of conformity is signed.
CRA Friday Facts: Why Your Logo Makes You the Manufacturer
"We're just an importer." Wrong, the moment your logo is on the product. The CRA turns white-label vendors into manufacturers, with all the obligations.
CRA Friday Facts: When the CRA Hits Legacy Devices Too
Existing products aren't off the hook. From 11 Sept 2026, reporting obligations apply to all products on the market. And substantial modifications trigger the full CRA.
CRA Friday Facts: Why a Single USB Port Hits the Offline Device
"Our machine runs offline." One USB port, an SD slot, or a service interface is enough to bring the product into CRA scope. Offline doesn't protect you.
EU Cyber Resilience Act and SMEs: Every Relief Measure Available to Smaller Manufacturers
The CRA includes targeted SME relief measures — but they are unevenly distributed. Which measures apply, who benefits, and where medium-sized enterprises are left out.
kunnus-scanner Is Now Open Source: Free SBOM Generation for CRA Compliance
We've open-sourced kunnus-scanner – a free CLI tool for generating SBOMs across 30+ ecosystems in SPDX and CycloneDX formats. Get started in minutes with Homebrew, Docker, or GitHub Actions.
Cyber Resilience Act and Switzerland: What Swiss Manufacturers Need to Know for EU Exports
The EU Cyber Resilience Act applies to Swiss manufacturers exporting to the EU — and Switzerland is preparing its own equivalent regulation via Motion 24.3810. Obligations, deadlines and concrete steps at a glance.
Why Manual EU CRA Compliance Fails (and Automation Is the Only Way)
EU Cyber Resilience Act manual compliance breaks at scale: SBOM upkeep, 24h ENISA reporting, vulnerability response — automation is the only path.
Vulnerability Management Under the CRA: Obligations, Processes, and Tools for Manufacturers
The Cyber Resilience Act makes vulnerability management mandatory. Learn what processes manufacturers must build – from detection through reporting to coordinated disclosure.
20 Products You Didn't Expect – Why the Cyber Resilience Act Could Disrupt Your Business
RFID chips, plush toys, coffee machines – the CRA affects far more than the IT industry. 20 surprising product examples and what manufacturers need to know now.
CRA Requirements for Industrial Automation: What OEMs and Machine Builders Need to Know
The Cyber Resilience Act affects PLCs, HMIs, and industrial controllers. Learn which CRA requirements apply to industrial automation and how machine builders can implement compliance.
CRA Compliance Software Compared: Why Partial Solutions Fall Short
CRA compliance requires more than SBOM tools or vulnerability scanners alone. Learn why integrated platforms like Kunnus outperform fragmented approaches – and what to look for when choosing.
CRA Conformity Assessment and CE Marking: A Step-by-Step Guide
How does the conformity assessment under the Cyber Resilience Act work? Learn which procedure applies to your product, what CE marking means, and how to create the EU declaration of conformity.
EU CRA Countdown: Your 2026–2027 Compliance Roadmap
EU CRA deadlines: Sept 2026 ENISA reporting, Dec 2027 full compliance. Step-by-step roadmap to hit each milestone — and avoid €15M in fines.
Smart Home and CRA: What Consumer Electronics Manufacturers Need to Know
Smart home devices fall under the Cyber Resilience Act. Learn which CRA requirements apply to smart locks, thermostats, cameras, and other connected household products.
Cyber Resilience Act Requirements: Complete Overview for Manufacturers
All CRA requirements at a glance – from security by design through SBOM obligations to reporting duties. The complete overview with links to detailed guidance for each requirement.
CRA Penalties for Non-Compliance: Fines, Product Recalls, and Consequences
What happens if you fail to comply with the Cyber Resilience Act? Learn about CRA fines up to 15 million euros, product recalls, and the consequences manufacturers face.
CRA vs NIS2: Differences, Overlaps, and What Manufacturers Need to Know
The Cyber Resilience Act and NIS2 Directive are two EU cybersecurity regulations with different scopes. Learn how CRA and NIS2 differ and what obligations apply to manufacturers of digital products.
EU Cyber Resilience Act & SaaS: When the CRA Applies (NIS2 Overlap)
Does SaaS fall under the EU Cyber Resilience Act? Where the boundary sits, how NIS2 overlaps, and when SaaS providers must comply with CRA obligations.
CRA Compliance for Embedded Systems: Requirements, Deadlines, and Implementation
Embedded systems fall under the Cyber Resilience Act. Learn which CRA requirements apply to embedded devices, key deadlines, and how to implement compliance efficiently.
Practical Steps to CRA Compliance
From CRA awareness to action: step-by-step guide for manufacturers based on BSI TR-03183-1. Achieve CRA compliance now.
Cyber Resilience Act Scope: Which Products Are Affected?
Does your product fall under the Cyber Resilience Act? Learn exactly which products the CRA covers, which exemptions apply, and how product classification works.
The CRA Is Coming: Why OEMs Must Act Now
The Cyber Resilience Act takes effect in 2027. OEMs and equipment manufacturers must act now to avoid penalties and market exclusion.
How to Create an SBOM for IoT Products: A Practical Guide to CRA Compliance
Learn how IoT manufacturers can create a Software Bill of Materials (SBOM), choose the right format, and meet the requirements of the EU Cyber Resilience Act.
Cyber Resilience Act Summary: Key Facts at a Glance
A compact summary of the EU Cyber Resilience Act – objectives, scope, core obligations, deadlines, and penalties. With references to the original documents.
Welcome to the Kunnus Blog
Insights on cyber resilience, risk management and robust security strategies. Our blog for modern organizations and manufacturers.
CRA updates by email
Deadlines, official guidance, and myth-busting fact-checks on the Cyber Resilience Act — compact in our newsletter.