Cyber Resilience Act in Practice
How to prepare your organization and products for new EU requirements? CRA Survival Kit for R&D Managers — a compact training for decision-makers.
About the Training
The Cyber Resilience Act (CRA) is coming into force and changing the rules for every manufacturer of devices with digital elements. From 2027, products that don’t meet the requirements will not be allowed on the EU market.
This training was designed specifically for R&D managers, Product Owners, and decision-makers who need to understand the implications of CRA for their organization — without diving into implementation details. Don’t have time for 3-day technical courses? This format is for you.
You will learn:
- What exactly CRA requires and how to classify your products
- What organizational changes are necessary (processes, documentation, responsibilities)
- How much it will cost and how to budget for compliance
- Where the biggest risks are and how to mitigate them
🎯 Who is this training for?
This training is NOT for developers implementing Secure Boot. It’s for people who:
✓ Manage R&D teams and need to plan resources for compliance
✓ Are responsible for the product and need to assess CRA’s impact on the roadmap
✓ Make budget decisions regarding product security
✓ Report to the board and need a clear picture of regulatory risks
✓ Work with suppliers and need to understand supply chain security requirements
📅 Training Program
Module 1: CRA Decoded — What Does the Regulation Really Require?
Clear explanation of the regulation without legal jargon.
- Cyber Resilience Act vs NIS2 vs RED — map of regulations and their relationships
- Product classification: Default, Important Class I, Important Class II, Critical
- Where is your product? Classification workshops using participants’ examples
- Implementation timeline: What do you need ready by 2025, 2026, 2027?
Module 2: Impact Assessment — What Does This Mean for Your Organization?
Practical analysis of impact on processes, teams, and budget.
- “Security by Design” requirements — what does it mean for the product development process?
- Technical documentation and declaration of conformity — scope and responsibility
- Vulnerability handling: Mandatory processes for reporting and patching vulnerabilities
- Cost estimation: Framework for assessing compliance expenditures
Module 3: Supply Chain Security — Your Suppliers Are Your Problem
Managing risk in the software supply chain.
- SBOM (Software Bill of Materials) — what is it and why is it mandatory?
- How to verify the security of open source components?
- Supplier contracts: What security clauses to introduce?
- Case study: Supply chain attack and its legal consequences under CRA
Module 4: Compliance Roadmap — Action Plan for Monday
Concrete steps to implement in your organization.
- Gap analysis: Where are you today vs where do you need to be?
- Action prioritization: Quick wins vs long-term investments
- Build vs Buy: When to develop competencies internally, when to outsource?
- Deliverable: Draft CRA implementation plan for your organization
💰 Formats and Pricing
I offer two formats tailored to the time availability of management staff.
Option A: EXECUTIVE BRIEFING (4 hours)
Condensed session for those who need a quick but solid introduction. Ideal as a kick-off before budget or strategy planning.
| | |
|---|---|
| Format | 4 hours (e.g., 9:00-13:00 or 13:00-17:00) |
| Scope | Modules 1-2 + key elements of Modules 3-4 |
| Outcome | Understanding of CRA requirements and initial assessment of organizational impact |
| Price | €400 net / person |
| Min. group | 3 people |
Option B: FULL DAY INTENSIVE (1 day) ⭐ Recommended
Full training with practical workshops. Participants leave with a draft implementation plan for their organization.
| | |
|---|---|
| Format | 1 day (8 hours with breaks) |
| Scope | All modules + practical workshops |
| Outcome | Complete knowledge + draft compliance roadmap |
| Price | €650 net / person |
| Min. group | 3 people |
In-House Option: For groups of 5+ people from one organization, I offer closed training at the client’s premises. Price negotiated individually — request a quote.
🏆 Why is it worth it?
| Benefit | Description |
|---|---|
| Time is money | 4-8 hours instead of weeks of studying the regulation and its interpretations yourself |
| Manager’s language | Zero code, zero implementation details — focus on business and organizational decisions |
| Practical deliverables | You leave with a draft action plan, not just theoretical knowledge |
| Risk reduction | Penalties for CRA non-compliance can reach €15 million or 2.5% of global turnover — better safe than sorry |
⚠️ Key CRA Dates
| Date | Event |
|---|---|
| December 2024 | CRA enters into force |
| September 2026 | Obligation to report vulnerabilities and incidents |
| December 2027 | Full compliance required for all new products |
Don’t wait until the last moment. Implementing “Security by Design” processes takes time — start planning now.
🎓 Instructor
The training is led by a practitioner with years of experience in:
- Implementing Secure Boot and Chain of Trust on embedded platforms
- Designing security architecture for IoT systems
- Implementing Secure OTA processes and vulnerability management
I combine deep technical knowledge with the ability to communicate with management — I know which details are relevant to business decisions and which can be omitted.
Want to schedule training for your management team? Contact me to discuss dates and format. The first organizations are already preparing — don’t fall behind.
Interested in the training?
Contact me to discuss details, customize the program for your team, or schedule a date.