EU Cyber Resilience Act (CRA)

The European Cyber Resilience Act (CRA) is the European Commission's new law focused on products with digital elements. It is part of a larger cybersecurity framework that already includes similar requirements, such as the EU Cybersecurity Act, the NIS Directive and, in particular, the NIS2 Directive, which the CRA complements.


Cyber Resilience Act Essential Requirements

Below, you'll find a brief overview of the EU Cyber Resilience Act's relevant requirements for embedded device manufacturers.

Product-Specific

According to the CRA, products must:

  • Be delivered without known vulnerabilities
  • Include free security patches for at least 5 years, unless the product's estimated lifetime is shorter
  • Be protected with a security-by-design approach

Handling Vulnerabilities

Device manufacturers must be able to:

  • Provide documentation of the software used, including the Software Bill of Materials (SBOM)
  • Give an early warning within 24h and a full notification within 72h about any vulnerabilities
  • Address vulnerabilities and provide patches without delay

Information & Instruction

The following details should be readily available and well-documented:

  • The intended use of the product
  • How to remove data from the devices
  • A description of the product's security features


How Torizon Simplifies Compliance with the CRA

The Torizon Platform is recognized for its robust build system based on the Uptane Framework, which facilitates the creation of custom Linux distributions for embedded systems and plays a crucial role in the development of secure products and applications. By using the Torizon Platform, you take advantage of shared collaboration and established best practices that meet key requirements of the CRA, including the Software Bill of Materials (SBOM) and CVE reports.

Software Bill of Materials (SBOM)

You want to know exactly what goes into your software. We publish the SBOMs and CVE reports for every TorizonCore build. They are readily and publicly available, making it easier to comply with vulnerability-handling and documentation requirements.

Secure Boot

Secure Boot is the process of booting an image from a valid trusted source — related to the authenticity check specification — while ensuring it has not been modified in any way, complying with the CRA's integrity clause.

Proven Security Framework

Torizon is built with automotive-grade security in mind, thanks to its Uptane-based architecture. Along with Secure Boot, it guarantees that what you think you're installing is indeed what is being installed. Furthermore, it prevents tampering with the image.

Reliable Updates Process

Out of the box, Torizon offers over-the-air updates as well as physical offline updates via a USB stick or SD card. This process is secure and verifiable thanks to several layers of validation and fallback systems that ensure your devices keep working at all times.

Vulnerability Monitoring

The Torizon platform allows you to check in on any unit, at any time. It also allows you to customize the metrics you'd like to keep track of, such as CPU performance, the device's temperature, overall status, and more. This allows you to preempt any vulnerabilities and roll out patches promptly.


