Kunnus
About CRA
AssessmentFeaturesBlog
Sign InGet Started
Limited Time Offer

Find Out Where You Stand with CRA Compliance

Free CRA Readiness Assessment — Usually €299, Now Free for a Limited Time

Get a comprehensive evaluation of your organization's CRA compliance status. Identify gaps, understand your obligations, and receive a personalized roadmap to compliance.

Start Free AssessmentLearn About CRA
Takes 15-20 minutes

This is a readiness assessment to help you understand where to start. It does not guarantee CRA compliance.

Benefits

Why Take a CRA Readiness Assessment?

The December 2027 deadline is closer than you think. Understanding your current compliance status is the first step to avoiding costly penalties and ensuring your products can continue to be sold in the EU.

Identify Your Gaps

Discover exactly where your organization stands today and what needs to be addressed before the CRA takes full effect.

Understand Your Obligations

Get clarity on which CRA requirements apply to your products, from SBOM documentation to vulnerability reporting.

Prioritize Your Actions

Receive a customized roadmap that breaks down compliance into manageable steps, prioritized by urgency and impact.

Avoid €15M Fines

Non-compliance can cost up to €15M or 2.5% of global turnover. Know your risks before authorities start enforcing.

Industries

Who Needs a CRA Assessment?

If you manufacture, import, or distribute products with digital elements in the EU, the CRA affects you.

Industrial Machinery

Industrial machines with embedded software face a new regulatory reality. The Cyber Resilience Act requires manufacturers of PLCs, CNC machines, and robotics solutions to demonstrate cybersecurity throughout the entire product lifecycle. With product lifecycles spanning 15 years or more, continuous vulnerability monitoring becomes the central challenge.

Learn more

IoT & Consumer Products

Connected consumer products are at the heart of the Cyber Resilience Act. Smart home devices, wearables, and connected appliances process sensitive user data and are permanently connected to the internet. The CRA demands security by default, regular updates, and transparent vulnerability communication from manufacturers.

Learn more

Energy & Building Tech

Energy and building technology forms the backbone of critical infrastructure. Smart meters, building automation, and energy management systems are increasingly connected, placing them firmly in the focus of the Cyber Resilience Act. The overlap with critical infrastructure requirements and NIS2 makes the compliance landscape particularly complex.

Learn more

Industrial Components

As a component manufacturer, you stand at the center of the CRA supply chain. Your drives, sensors, and controllers are integrated into the end products of numerous OEMs. The Cyber Resilience Act requires every component with digital elements to meet security requirements, and your OEM customers increasingly demand proof.

Learn more

Smart Farming

The digitization of agriculture brings connected sensors, autonomous field robots, and data-driven management systems to the field. The Cyber Resilience Act captures these products and presents AgriTech manufacturers with new challenges, particularly in remote update delivery and securing devices under harsh operating conditions.

Learn more

Telecom & Networking

Network equipment forms the critical infrastructure of the digital society. Routers, gateways, and edge devices are privileged network components with far-reaching access rights. The Cyber Resilience Act classifies many of these products in higher risk classes and demands particularly stringent security measures.

Learn more

Software & SaaS

Software is at the core of the Cyber Resilience Act: Whether desktop application, mobile app, or cloud-based platform, software products are explicitly covered as products with digital elements. For software vendors and SaaS providers, this means new obligations for vulnerability handling, SBOM creation, and security documentation that must be reconciled with agile release cycles.

Learn more

Embedded Systems

Firmware is the invisible foundation of modern products with digital elements and a central topic of the Cyber Resilience Act. Embedded systems in control units, microcontrollers, and real-time systems often have lifecycles spanning decades. The CRA demands continuous security updates, complete SBOMs, and structured vulnerability processes even for these systems.

Learn more

Smart Home & Consumer

Smart home devices and connected consumer electronics are at the center of the Cyber Resilience Act. From smart speakers and wearables to connected appliances: millions of devices in private households process sensitive data and face constant cyber risks. The CRA classifies many of these products as particularly critical and demands stringent security measures.

Learn more
View all affected industries

Process

How the Assessment Works

Our assessment is based on a proven 4-level maturity framework aligned with BSI guidelines and CRA requirements.

1
15-20 min

Answer Questions

Complete our comprehensive questionnaire covering security practices, vulnerability management, documentation, and lifecycle processes.

2
Instant

Get Your Score

Receive an immediate maturity assessment across key CRA compliance areas with a visual breakdown of your strengths and gaps.

3
Instant

Download Your Report

Get a detailed PDF report with findings, recommendations, and a prioritized action plan tailored to your organization.

4
Optional

Schedule Expert Review

Book a free consultation with our CRA experts to discuss your results and next steps toward full compliance.

Framework

Our 4-Level Maturity Framework

We evaluate your organization across four progressive maturity levels, from basic awareness to full automation.

1

Initial

Ad-hoc processes, limited documentation, reactive approach to security issues.

2

Developing

Some processes documented, beginning to track vulnerabilities, partial SBOM coverage.

3

Defined

Standardized processes, systematic vulnerability management, comprehensive documentation.

4

Optimized

Fully automated compliance, continuous monitoring, proactive security practices.

€299 ValueFREE

What You'll Receive

Our assessment provides everything you need to understand and plan your CRA compliance journey.

Maturity Score

Overall compliance readiness score with breakdown by category: Security by Design, Compliance Documentation, Vulnerability Disclosure, and Lifecycle Security.

Gap Analysis

Detailed identification of missing capabilities, processes, and documentation required for full CRA compliance.

Prioritized Roadmap

Step-by-step action plan organized by priority and timeline, helping you tackle the most critical items first.

Recommendations

Specific, actionable recommendations tailored to your industry, product type, and current maturity level.

Benchmarking

See how your organization compares to industry peers and understand where you stand relative to compliance leaders.

Expert Review (Optional)

Free 30-minute consultation with our CRA specialists to review your results and answer questions.

FAQ

Common Questions

Ready to Assess Your CRA Readiness?

Join hundreds of manufacturers already preparing for December 2027

Start Free Assessment Now
No credit card required
Results in 15-20 minutes
Detailed PDF report included
Optional expert review
Kunnus by Think Ahead

The complete EU CRA compliance platform for companies building products with digital elements. Reduce cost and time by 70%.

Kunnus is a product and brand by Think Ahead.

Features

  • Risk Analysis
  • SBOM Management
  • Vulnerability Tracking
  • Compliance Documentation

Industries

  • Industrial Machinery
  • IoT & Consumer Products
  • Energy & Building Tech
  • Industrial Components
  • Smart Farming
  • Telecom & Networking
  • Software & SaaS
  • Embedded Systems
  • Smart Home & Consumer

Resources

  • Assessment
  • CRA Guide
  • Blog

Company

  • About
  • Imprint

© 2026 Think Ahead Technologies GmbH. All rights reserved.

PrivacyCookiesImprint