CyberPass

CRA readiness is not the finish line. Many manufacturers are preparing for the Cyber Resilience Act as if the main challenge is to “get ready” before the deadline. Prepare the documentation. Run the assessment. Secure the CE marking. Move on. But that is only part of the story. The real CRA challenge starts after the product is placed on the market. Because once your product is live, your compliance posture depends on whether you can continuously maintain it: ↳ Track product and component changes ↳ Keep your SBOM usable and up to date ↳ Monitor vulnerabilities across third-party components ↳ Handle disclosure and remediation workflows ↳ Document security decisions and corrective actions ↳ Maintain evidence across the product lifecycle This is where many teams are exposed. A static compliance file may help you pass an assessment at one point in time. But it will not help much if a vulnerability appears six months later and your engineering, compliance, and product teams cannot prove what happened, who handled it, how fast they responded, and what evidence supports the decision. Under the CRA, compliance is not only about market entry. It is about lifecycle control. At Red Alert Labs and through CyberPass, we help manufacturers move from static CRA readiness to continuous compliance lifecycle maintenance. If your team is preparing for CRA and wants to understand what this should look like operationally, feel free to reach out. The question is not only: “Are we ready for CRA?” It is also: “Can we stay compliant after the product is on the market?” We help manufacturers structure this continuous compliance lifecycle. If this is becoming a concern for your team, feel free to reach out.

Over the past months, I’ve had the opportunity to contribute as much through the Ad Hoc Working Group alongside ENISA, the Commission, Member States, and industry experts, to the development of the draft candidate European cybersecurity certification scheme for the EUDI Wallet (EUDIW): https://lnkd.in/erprAF2W Today, European Union Agency for Cybersecurity (ENISA) has launched the public consultation on the draft scheme an important milestone toward a more harmonised approach to certifying EUDI Wallets across Europe, in line with the Cybersecurity Act and the eIDAS framework. Building this candidate scheme has been both challenging and energising: bringing together "high" assurance expectations, a composite certification model (multiple CABs with different accreditation scopes), the realities of tooling and accreditation timelines, and the need to keep the end goal front and centre: trust and interoperability at EU scale. A special thank you to Eric Vétillard for the leadership and rigour throughout the process, and to all WG members for the quality of discussions and contributions. If you are working on EUDI Wallets (providers, CABs/CBs, regulators, security teams, interoperability stakeholders), I strongly encourage you to participate in the consultation this is the right moment to share concrete feedback and help strengthen the scheme before adoption. #EUDIW #EUDIWallet #eIDAS #ENISA #CybersecurityCertification #CybersecurityAct #ConformityAssessment #DigitalIdentity #FIDO FIDO Alliance #RedAlertLabs

Meet our team at the GLOBAL INDUSTRIE!

On 9th March, the OCCTET team gathered in Brussels for our latest plenary meeting, bringing together partners from across Europe to take stock of our progress and chart the path ahead. A key takeaway from our discussions: SMEs need clear, accessible, and affordable pathways to CRA compliance. The complexity of open source dependency trees, combined with the regulatory demands of the Cyber Resilience Act, creates a real burden for smaller companies — and that's exactly the challenge OCCTET is built to address. From automated SBOM generation to federated vulnerability data and self-assessment tools, our consortium is working to make compliance less of a barrier and more of an enabler for European SMEs. More updates coming as we hit our next milestones. 🚀 #OCCTET #CRA #CyberResilience #OpenSource #SME

We are proud to support and unveil the launch of the European Cybersecurity Mapping 2026 by the European Champions Alliance. The only pan-European mapping dedicated to cybersecurity start-ups and scale-ups, it is trusted by CISOs, policymakers, corporates, investors, and associations across Europe. This new edition marks a significant milestone, with nearly 1,300 companies analyzed and an expanded coverage of key strategic segments. It stands today as one of the most comprehensive references to better understand and navigate the European cyber ecosystem now available for download. After months of in-depth research, data collection, and analysis, the 2026 Mapping goes even further, offering enhanced insights and a deeper focus on critical areas such as: 🔹 Secure Artificial Intelligence 🔹 Post-quantum cybersecurity 🔹 Sovereign cloud 🔹 Industrial cybersecurity This initiative reflects a strong collective effort, made possible through the collaboration of leading European partners including Atos, KuppingerCole Analysts, Forum INCYBER (FIC), and IONOS, alongside the active contributions of Xelera, Red Alert Labs, EclecticIQ, Advens, GitGuardian, enclaive, WALLIX Group, and LANCOM Systems GmbH. Together, we are helping to shape a stronger, more unified vision of cybersecurity in Europe. 👏 Special thanks to Dominique TESSIER, Andrea Vaugan, and the entire European Champions Alliance team for driving this impactful initiative. 👇 Discover and download the European Cybersecurity Mapping 2026 today via the link in the comment. #Cybersecurity #Europe #Innovation #CyberEcosystem #DigitalSovereignty

🇫🇷️ WHEN INDUSTRY MEETS CYBER REALITY || WHAT THIS IS ABOUT Picture a production line running 24/7, until one connected component becomes the weak link. ↳ We’re exhibiting at GLOBAL INDUSTRIE in #Paris Nord Villepinte ↳ Dates: March 30 to April 2, 2026 ↳ We’re there as part of the Startup Award we won last year ↳ Come meet the Red Alert Labs team: ↳ - Henri Garcia-Pelayo (Sales Administration Manager) ↳ - Sreedevi BEENA (Senior Cybersecurity Analyst) ↳ - Nataël COUTURIER Ccouturier (IoT Security Evaluator & Quality Manager) || WHY YOU SHOULD CARE ↳ Industrial systems are getting more connected, and the attack surface grows with every integration ↳ Supply chain components (firmware, libraries, modules) can quietly become the breach path ↳ Security is no longer just protection; it’s proof you can show to customers, auditors, and partners || ACTIONABLE STEPS ↳ Map what’s inside your products (components + versions) so you can react fast when vulnerabilities drop ↳ Operationalize vulnerability handling (intake, triage, fix, release, evidence) instead of treating it like paperwork ↳ Validate secure update capability under real constraints (downtime windows, rollback, integrity checks) || STANDARDS THAT WILL COME UP | #IEC_62443 ↳ Practical reference for industrial control system security | #NIS2 ↳ Raises expectations on governance and incident readiness in Europe | #CRA (CYBER RESILIENCE ACT) ↳ Pushes lifecycle cybersecurity toward a market requirement for products sold in the EU || LET’S CONNECT If you’re attending Global Industrie (March 30–April 2, 2026) and want to talk industrial IoT security, evaluation, or compliance readiness—message us and let’s meet. ♻️ Share this with someone in industrial engineering, product, or security who’ll be there. P.S. What’s harder for your team right now: asset visibility, vuln handling, or secure updates at scale?

🇺🇸 CYBERSECURITY IS BECOMING MARKET ACCESS || WHAT THIS IS ABOUT Picture launching a product, then being asked one question: can you prove it’s secure over its whole lifecycle? ↳ We’re heading to RSAC Conference 2026 in #SanFrancisco ↳ Roland Atoui (Managing Director, Red Alert Labs) will be there ↳ We’re attending as part of the La French Tech 2030 delegation ↳ If you’re on-site too, let’s connect || WHY YOU SHOULD CARE ↳ Buyers, regulators, and partners increasingly want evidence, not promises ↳ AI, cloud, and connected products are amplifying attack paths and supply-chain exposure ↳ The gap is no longer “do we have security,” it’s “can we demonstrate it quickly, consistently, and audit-ready” || ACTIONABLE STEPS ↳ If you’re building products: align security, product, and compliance early (before release pressure) ↳ If you’re leading security: standardize how you produce proof (SBOMs, vulnerability handling, update capability, incident readiness) ↳ If you’re selling into #Europe: anticipate #CRA-driven expectations now, not at procurement time || STANDARDS THAT WILL COME UP | #CRA (CYBER RESILIENCE ACT) ↳ Because it pushes lifecycle cybersecurity from best practice to commercial requirement for EU market access | #NIS2 ↳ Because it raises expectations on operational security and governance for many organizations in the EU || LET’S CONNECT If you’re attending RSAC and want to talk product cybersecurity, lifecycle evidence, or EU readiness, message us and let’s meet. ♻️ Share this with a teammate going to #RSAC. P.S. What’s your biggest blocker right now: vuln handling, secure updates, or proving evidence at scale?