Kunnus
About CRA
AssessmentFeaturesBlog
Sign InGet Started

Industries Affected by the Cyber Resilience Act

If you make something with software that’s sold in the EU and it’s not a car, a plane or a medical device — you need Kunnus.

The following are our focus industries — but Kunnus supports all CRA-affected companies, including pure software and app developers.

Industrial Machinery & Automation

Industrial machines with embedded software face a new regulatory reality. The Cyber Resilience Act requires manufacturers of PLCs, CNC machines, and robotics solutions to demonstrate cybersecurity throughout the entire product lifecycle. With product lifecycles spanning 15 years or more, continuous vulnerability monitoring becomes the central challenge.

Learn more

IoT & Connected Consumer Products

Connected consumer products are at the heart of the Cyber Resilience Act. Smart home devices, wearables, and connected appliances process sensitive user data and are permanently connected to the internet. The CRA demands security by default, regular updates, and transparent vulnerability communication from manufacturers.

Learn more

Energy & Building Technology

Energy and building technology forms the backbone of critical infrastructure. Smart meters, building automation, and energy management systems are increasingly connected, placing them firmly in the focus of the Cyber Resilience Act. The overlap with critical infrastructure requirements and NIS2 makes the compliance landscape particularly complex.

Learn more

Industrial Components & Tier 1 Suppliers

As a component manufacturer, you stand at the center of the CRA supply chain. Your drives, sensors, and controllers are integrated into the end products of numerous OEMs. The Cyber Resilience Act requires every component with digital elements to meet security requirements, and your OEM customers increasingly demand proof.

Learn more

Agriculture & Smart Farming

The digitization of agriculture brings connected sensors, autonomous field robots, and data-driven management systems to the field. The Cyber Resilience Act captures these products and presents AgriTech manufacturers with new challenges, particularly in remote update delivery and securing devices under harsh operating conditions.

Learn more

Telecom & Network Equipment

Network equipment forms the critical infrastructure of the digital society. Routers, gateways, and edge devices are privileged network components with far-reaching access rights. The Cyber Resilience Act classifies many of these products in higher risk classes and demands particularly stringent security measures.

Learn more

Software & SaaS Products

Software is at the core of the Cyber Resilience Act: Whether desktop application, mobile app, or cloud-based platform, software products are explicitly covered as products with digital elements. For software vendors and SaaS providers, this means new obligations for vulnerability handling, SBOM creation, and security documentation that must be reconciled with agile release cycles.

Learn more

Embedded Systems & Firmware

Firmware is the invisible foundation of modern products with digital elements and a central topic of the Cyber Resilience Act. Embedded systems in control units, microcontrollers, and real-time systems often have lifecycles spanning decades. The CRA demands continuous security updates, complete SBOMs, and structured vulnerability processes even for these systems.

Learn more

Smart Home & Consumer Electronics

Smart home devices and connected consumer electronics are at the center of the Cyber Resilience Act. From smart speakers and wearables to connected appliances: millions of devices in private households process sensitive data and face constant cyber risks. The CRA classifies many of these products as particularly critical and demands stringent security measures.

Learn more

Do You Need Kunnus?

Whether you’re starting from scratch or looking to replace manual processes — if any of these apply to you, we should talk.

No plan yet?

  • No dedicated CRA team or responsible assigned
  • No SBOM process in place
  • No vulnerability monitoring whatsoever
  • Still treating CRA as “something for later”
  • Selling connected products in the EU with zero compliance roadmap

Already working on it, but it’s too complex?

  • SBOM management via Excel spreadsheets
  • Manual vulnerability research and tracking
  • Compliance evidence scattered across folders
  • No centralized dashboard for CRA status
  • Fragmented tools without integration

What Kunnus Does for You

From automated SBOM management to continuous vulnerability monitoring — Kunnus turns CRA compliance from a burden into a streamlined process. See how our platform works.

Explore Features

Excluded from the CRA

Automotive, aviation and medical devices are subject to their own EU regulations (UNECE WP.29, EASA, MDR/IVDR) and are not covered by the Cyber Resilience Act.

Helpful Guides for Getting Started

CRA Explained — Complete GuideCRA Countdown: Your 2026–2027 Compliance RoadmapPractical Steps for OEMs to Achieve CRA ComplianceWhy Manual CRA Compliance Fails

Ready to assess your CRA readiness?

Take our free maturity assessment and get a personalized compliance roadmap in 15 minutes.

Start Free Assessment
Kunnus by Think Ahead

The complete EU CRA compliance platform for companies building products with digital elements. Reduce cost and time by 70%.

Kunnus is a product and brand by Think Ahead.

Features

  • Risk Analysis
  • SBOM Management
  • Vulnerability Tracking
  • Compliance Documentation

Industries

  • Industrial Machinery
  • IoT & Consumer Products
  • Energy & Building Tech
  • Industrial Components
  • Smart Farming
  • Telecom & Networking
  • Software & SaaS
  • Embedded Systems
  • Smart Home & Consumer

Resources

  • Assessment
  • CRA Guide
  • Blog

Company

  • About
  • Imprint

© 2026 Think Ahead Technologies GmbH. All rights reserved.

PrivacyCookiesImprint