Cyber ​​Resilience Act Summit

With the  Cyber ​​Resilience Act (CRA),  the European Union has established a minimum level of cybersecurity for all connected products. The CRA covers all products sold in the EU that contain “digital elements.” This includes the entire spectrum of embedded systems —from consumer electronics and household appliances to complex high-end industrial systems—if they can be connected to a network or even to another device.

The CRA has been in force since the end of 2024, and implementation must be completed in several steps by the end of 2027 at the latest. Embedded systems developers, as well as project managers and product managers, are therefore asking themselves: How do I proceed to ensure that my products meet the CRA requirements?

At the Markt&Technik CRA Summit, top-class speakers will demonstrate which strategies can be used to make embedded systems of varying complexity “CRA-safe.”

At the event, Zephyr Project’s functional safety expert Nicole Pappler will be giving a talk on “Preparing open source projects for the CRA”.

About the talk: With the entry into force of the EU Cyber ​​Resilience Act (CRA), manufacturers of connected products face new regulatory requirements for cybersecurity across the entire product lifecycle. The Zephyr project, an open-source real-time operating system (RTOS), addresses these requirements through targeted technical and organizational measures.

The key elements include:

Automated creation of software bills of materials (SBOMs) for transparent component tracking

Long-term security support (LTS) with regular vulnerability fixes

Integration into CVE award processes for structured security communication

Vendor-neutral governance and community-driven development that promotes industrial adoption

Zephyr thus provides a robust open source foundation for the development of secure, auditable, and CRA-compliant embedded systems.

Learn more about the sessions here and register today!