Methodology

How We Calculate Our Performance Claims

We believe in transparency. This page documents exactly how the figures cited across our website — particularly the 70%+ cost reduction and 10x faster audits — are derived.

70% Cost Reduction

This figure is derived from comparing the total annual cost of manual CRA compliance against the total annual cost when using the Kunnus platform.

Manual CRA Compliance (Annual)

  • Personnel

    0.5–6 FTE at €80,000/year fully loaded cost (scales with product count: base team + reassessment effort at ~40 hours per substantial product change)

  • Tooling

    €25,000 base + €500/product across 4–5 separate tools: SBOM generation (~30%), vulnerability scanner (~25%), document management (~20%), GRC/process management (~25%)

  • External consulting

    €36,000–€120,000/year depending on company size and number of product lines

With Kunnus (Annual)

  • Personnel

    0.2–1 FTE at €80,000/year (reduced through automation: reassessment effort drops to ~4 hours per substantial change)

  • Platform

    Single subscription replacing all 4–5 separate tools. Pricing scales with product count.

  • No separate tooling

    SBOM management, vulnerability tracking, compliance documentation, ENISA reporting, and audit trails included in one platform

Result: For a manufacturer with 20–100 products, manual annual costs typically range from €180,000 to €600,000+. Kunnus reduces this to €50,000–€150,000 — a reduction of 70% or more. The exact figure varies based on product count, complexity, and existing maturity.

10x Faster Audits

This figure is based on a direct time comparison for product reassessments after substantial changes — the most time-intensive recurring compliance activity.

Manual reassessment: ~40 hours per substantial product change. Includes gathering updated component lists, re-running vulnerability scans, updating documentation, verifying conformity status, and compiling audit evidence.

Kunnus-assisted reassessment: ~4 hours per substantial change. The platform automatically tracks component changes, runs differential SBOM analysis, updates vulnerability status, and pre-populates documentation. The compliance engineer reviews and approves rather than building from scratch.

40 hours ÷ 4 hours = 10x improvement in reassessment speed.

Sources & References

  • CRA Art. 64 — Penalties up to EUR 15 million or 2.5% of global annual turnover
  • CRA Art. 58–59 — Market surveillance powers and product recall authority
  • CRA Annex I — Essential cybersecurity requirements
  • CRA Recital 2 — EUR 5.5 trillion annual cybercrime cost (citing Cybersecurity Ventures / Joint Research Centre)
  • IEC 62443 audit findings — Product security compliance gap rates across manufacturing sector
  • GDPR enforcement patterns — Regulatory fine escalation and enforcement timelines
  • FTE fully loaded cost: €80,000/year (German market average for compliance/engineering roles)

Disclaimer

Actual values vary depending on company size, product count, product complexity, and existing compliance maturity. The figures above represent typical ranges observed in our ROI model. For a personalized estimate, use our interactive ROI calculator or contact us for an individual analysis.