Cyber Resilience Act made Easy

Welcome to CRACY a collaboration of 11 top European Cybersecurity technology providers supporting the deployment of the CRA

get started today! find out more Is My Product a PDE?
Cyber Resilience act

CRA

Is the European regulation that mandates Products with Digital Elements in Europe to be secure. What that entails and how to get there is what CRACY facilitates 

get started now
AnnoucementsIndustry News

CRACY at CTX Seville: Supporting the Implementation of the Cyber Resilience Act

The CRACY project was recently featured during CTX in Seville, a flagship event for the Spanish digital and startup ecosystem. The project was highlighted during the panel discussion “National Sovereignty: Problem or Solution?”, which explored how Europe can strengthen its digital sovereignty through technology, regulation, and […]
by Vinicius Louzano
on Mar 27
Read more
Uncategorized

CRA Conformity Assessment Procedures – Webinar Recording Available

Understanding how to demonstrate compliance with the Cyber Resilience Act (CRA) is a key challenge for organisations developing products with digital elements. To help companies navigate this process, the CRACY project hosted the webinar “CRA Conformity Assessment Procedures.” If you missed the live session, the full […]
by Vinicius Louzano
on Mar 26
Read more
AnnoucementsIndustry NewsUncategorizedWebinar

CRACY-SASE – A Platform to Properly Secure Your IoT Device – Webinar Recording Available

Securing connected devices has become increasingly complex as products grow more distributed and interconnected. To address these challenges, the CRACY project hosted the webinar “CRACY-SASE – A Platform to Properly Secure Your IoT Device.” The session explored how modern security architectures can help protect IoT devices […]
by Vinicius Louzano
on Mar 20
Read more
whe evaluate products with digital elements

We evaluate your products with digital elements on their cybersecurity.

CRACY provides methods, methodologies and tools to help you assess your products, support your development teams in improving their secure development, facilitate the process in documenting and ensure compliance with the CRA.

LEARN MORE

We would love to hear from you!

CRACY is a collaboration of eleven European Cybersecurity expert organisations, supported by the European Cybersecurity Competence Center (ECCC) and the European Commission.

get in touch
what do we offer

Security Technologies for Products with Digital Elements

Mainly oriented towards the smaller and medium sized product development companies in Europe creating software and hardware with software components, we select, build and provide component that help secure those products.

LEARN MORE

Frequently Asked Questions (FAQ)

What is the Cyber Resilience Act? What is a PDE (Product with Digital Elements)? I am a small business, should I comply with the CRA?

The Cyber Resilience Act or ‘CRA‘ is a European Regulation that imposes essential cybersecurity requirements to products with digital elements or ‘PDEs‘. These requirements need to be implemented by manufacturers of PDEs prior to them being allowed to place the products on the European Union market.

The Regulation is unique, in that it is a mix of cybersecurity legislation and product legislation.

The essential requirements are baseline requirements that need to be fulfilled by all products falling under the regulation, irrespective of the sector in which they are used. A list with the specific requirements can be found under Annex I of the CRA.

A product with digital elements is defined as “a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately”. This definition includes many elements that need further clarification to achieve full understanding of the concept of a PDE. Moreover, to fall within the scope of the CRA, the PDE also needs to be made available on the market and it must have the intended purpose or reasonably foreseeable use of including “a direct or indirect, logical or physical data connection to a device or network”.

read more

Yes. The Cyber Resilience Act does not contain exclusions for micro, small and/or medium-sized enterprises. However, it provides for limited deviations, somewhat lessening the burden of complying on those companies.

read more
Check here complete FAQ
https://cra-cy.eu/events/
© 2026 LSEC - Leaders In Security - This project has received funding from the European Union’s Digital Europe Programme under grant agreement No 101190492.