Brussels, 19th of June
Europe’s Cyber Resilience Act (CRA) marks a pivotal moment for cybersecurity in Europe by improving the cybersecurity of everyday products and software used by millions of Europeans every day. In order for manufacturers to comply with the CRA, harmonised European standards need to be defined and developed: these should be based on the CRA standardisation request, published by the European Commission in Autumn 2024.
To support this, the CYBERSTAND.eu project is providing €1.5 million of funding to European experts to support contributions for the development of harmonised standards through funding opportunities, while raising awareness through dialogue with different stakeholders – who will be directly impacted by the CRA.
In this context, the first annual event of CYBERSTAND – held on the 19th of June in Brussels – focused on translating the legal obligations of the CRA into actionable pathways for SMEs, SDOs and policymakers: an important opportunity for understanding how harmonised standards, both horizontal and product-specific, will support compliance and ensure that products with digital elements are secure by design, resilient by default and compliant throughout their lifecycle.
Coordinating Actions and Synergies Across the CRA Initiatives
Trust-IT Services, as project coordinator and leader for dissemination, has combined the event agenda with high-level insights from EU institutions, with a deep dive into practical aspects of the CRA implementation, also including other EU-funded CRA initiatives. Synergies in this context are fundamental for bringing together the community to set up possible collaborations and discussions.
Beyond content curation, Trust-IT played a central role in the end-to-end organisation of the event, by co-developing the agenda together with project partners – who also supported speakers invitations – and handling photography and video production.
This first annual event represented an important occasion for Trust-IT and the Consortium to showcase the results reached in this first year of work – with a focus on CYBERSTAND funding opportunities, which have supported more than 50 experts in developing harmonised standards – and define the road ahead for the upcoming activities.
The Future of the CRA: Insights and Takeaways
Moving beyond the outdated "ship and forget" approach, the EU’s Cyber Resilience Act (CRA) mandates that manufacturers and software providers embed cybersecurity into digital products from the design phase through to end-of-life. This represents a fundamental shift – from treating security as an optional feature to recognising it as a legal obligation.
To support this transition, the CRA encourages companies, particularly small and medium-sized enterprises (SMEs) and open-source developers, to adopt harmonised technical standards that simplify compliance and reduce legal uncertainty. Tailored mechanisms such as regulatory sandboxes and simplified documentation aim to ease the burden on SMEs, although many still face challenges due to limited cybersecurity expertise.
The legislation is especially critical for protecting Europe’s essential services. Even minor digital vulnerabilities can pose significant risks when embedded in critical infrastructure. By promoting a system-wide approach to security and demanding transparency in product updates and supply chain changes, the CRA seeks to raise the baseline for digital safety across the EU. Experts suggest the Act not only reinforces Europe’s cyber resilience, but could also serve as a global model for digital regulation.
In this context, discussions during the event marked a clear call for continuous engagement: standardisation is not a one-off deliverable, but a process that must evolve with the threat landscape, use cases, and technological advancements. Collaborative actions will be pivotal for adopting a common European approach to cyber-secure products and compliance pathways.
