Industries Affected by the Cyber Resilience Act
If you make something with software that’s sold in the EU and it’s not a car, a plane or a medical device — you need Kunnus.
The following are our focus industries — but Kunnus supports all CRA-affected companies, including pure software and app developers.
Industrial Machinery & Automation
Industrial machines with embedded software face a new regulatory reality. The Cyber Resilience Act requires manufacturers of PLCs, CNC machines, and robotics solutions to demonstrate cybersecurity throughout the entire product lifecycle. With product lifecycles spanning 15 years or more, continuous vulnerability monitoring becomes the central challenge.
Learn moreIoT & Connected Consumer Products
Connected consumer products are at the heart of the Cyber Resilience Act. Smart home devices, wearables, and connected appliances process sensitive user data and are permanently connected to the internet. The CRA demands security by default, regular updates, and transparent vulnerability communication from manufacturers.
Learn moreEnergy & Building Technology
Energy and building technology forms the backbone of critical infrastructure. Smart meters, building automation, and energy management systems are increasingly connected, placing them firmly in the focus of the Cyber Resilience Act. The overlap with critical infrastructure requirements and NIS2 makes the compliance landscape particularly complex.
Learn moreIndustrial Components & Tier 1 Suppliers
As a component manufacturer, you stand at the center of the CRA supply chain. Your drives, sensors, and controllers are integrated into the end products of numerous OEMs. The Cyber Resilience Act requires every component with digital elements to meet security requirements, and your OEM customers increasingly demand proof.
Learn moreAgriculture & Smart Farming
The digitization of agriculture brings connected sensors, autonomous field robots, and data-driven management systems to the field. The Cyber Resilience Act captures these products and presents AgriTech manufacturers with new challenges, particularly in remote update delivery and securing devices under harsh operating conditions.
Learn moreTelecom & Network Equipment
Network equipment forms the critical infrastructure of the digital society. Routers, gateways, and edge devices are privileged network components with far-reaching access rights. The Cyber Resilience Act classifies many of these products in higher risk classes and demands particularly stringent security measures.
Learn moreSoftware & SaaS Products
Software is at the core of the Cyber Resilience Act: Whether desktop application, mobile app, or cloud-based platform, software products are explicitly covered as products with digital elements. For software vendors and SaaS providers, this means new obligations for vulnerability handling, SBOM creation, and security documentation that must be reconciled with agile release cycles.
Learn moreEmbedded Systems & Firmware
Firmware is the invisible foundation of modern products with digital elements and a central topic of the Cyber Resilience Act. Embedded systems in control units, microcontrollers, and real-time systems often have lifecycles spanning decades. The CRA demands continuous security updates, complete SBOMs, and structured vulnerability processes even for these systems.
Learn moreSmart Home & Consumer Electronics
Smart home devices and connected consumer electronics are at the center of the Cyber Resilience Act. From smart speakers and wearables to connected appliances: millions of devices in private households process sensitive data and face constant cyber risks. The CRA classifies many of these products as particularly critical and demands stringent security measures.
Learn moreDo You Need Kunnus?
Whether you’re starting from scratch or looking to replace manual processes — if any of these apply to you, we should talk.
No plan yet?
- No dedicated CRA team or responsible assigned
- No SBOM process in place
- No vulnerability monitoring whatsoever
- Still treating CRA as “something for later”
- Selling connected products in the EU with zero compliance roadmap
Already working on it, but it’s too complex?
- SBOM management via Excel spreadsheets
- Manual vulnerability research and tracking
- Compliance evidence scattered across folders
- No centralized dashboard for CRA status
- Fragmented tools without integration
What Kunnus Does for You
From automated SBOM management to continuous vulnerability monitoring — Kunnus turns CRA compliance from a burden into a streamlined process. See how our platform works.
Explore FeaturesExcluded from the CRA
Automotive, aviation and medical devices are subject to their own EU regulations (UNECE WP.29, EASA, MDR/IVDR) and are not covered by the Cyber Resilience Act.
Ready to assess your CRA readiness?
Take our free maturity assessment and get a personalized compliance roadmap in 15 minutes.