Our Cyber Resilience Act Compliance Suite helps companies implement regulatory requirements relating to cybersecurity, product design, and supply chains in a structured and legally compliant manner. From the classification of your products and contractual risk mitigation through to project-based implementation support, we provide modular solutions tailored to your products, processes, and value chains.
Cyber Resilience Act Compliance Suite
Modular fixed-fee advisory services for implementing the requirements of the Cyber Resilience Act (CRA) for manufacturers, importers, and distributors of digital products.
Modul 1
CRA In-Scope Assessment
Assessment of whether your products fall within the scope of the Cyber Resilience Act, including a structured identification of the relevant regulatory requirements.
Objective
Clear determination of whether — and to what extent — your products are subject to the CRA, together with the identification of the applicable compliance obligations.
Scope of Services
- Analysis of your products and product portfolio
- Assessment of whether the products qualify as products with digital elements
- Classification into relevant product categories (e.g. standard, important, or critical products)
- Clarification of your role (manufacturer, importer, or distributor)
- Identification of potential exemptions and thresholds
- Determination of the applicable requirements for each product category
Deliverables
- Written in-scope assessment memorandum
- Product-specific requirements matrix
Modul 2
Contract & Supply Chain Compliance
Legally compliant implementation of CRA requirements within contracts and across your supply and value chains.
Objective
Contractual safeguarding of CRA compliance obligations vis-à-vis suppliers and customers.
Scope of Services
- Review of existing supplier and customer agreements
- Integration of obligations relating to security, updates, and vulnerability management
- Contractual safeguarding of information and cooperation obligations
- Revision of liability and indemnification provisions
- Review and adaptation of customer agreements, SaaS terms, and maintenance agreements
Deliverables
- Redline versions of contractual documents
- Modular CRA clause templates for flexible use
- Supply chain risk analysis
Modul 3
CRA Project Implementation Support
Ongoing legal support for the technical and organizational implementation of CRA requirements.
Objective
Ensuring that all technical, organizational, and documentation-related measures are implemented in a legally consistent and reliable manner.
Scope of Services
- Ongoing legal support for your CRA implementation projects
- Coordination with IT security and compliance teams
- Assessment of security-by-design and security-by-default concepts
- Support for vulnerability handling and incident management processes
- Legal review of technical documentation
- Assistance with regulatory inquiries and supervisory audits
Deliverables
- Ongoing legal assessments
- Structured decision documentation
- Legal safeguarding of implementation measures
Modular Implementation of Your CRA Compliance
Modular Approach
Select exactly the modules you need and expand your compliance framework across your product and supply chains as your requirements evolve.
Product- and Security-Focused Advisory Services
Specifically tailored to products with digital elements and the related regulatory requirements for cybersecurity and IT security.
Predictable Scope & Fixed Fees
Clearly defined scopes of work and transparent fixed fees ensure planning certainty and cost control.
End-to-End Compliance Across the Value Chain
From product classification through to contractual implementation and technical project support — all compliance requirements covered from a single source.