Resillion is proud to be part of CRACY – a pioneering EU-backed initiative designed to help businesses across Europe meet the requirements of the new Cyber Resilience Act (CRA) with confidence and ease.

As digital products become increasingly embedded in our daily lives, ensuring their security is no longer optional, it’s essential. The European Union’s Cyber Resilience Act (CRA) sets out to address this need by establishing mandatory cyber security requirements for all products with digital elements (PDEs) sold within the EU. However, for many businesses, navigating these new regulations can be complex and costly. 

That’s where CRACY comes in. 

What is CRACY? 

CRACY (Cyber Resilience Act Compliance for You) is a comprehensive initiative funded by the European Union’s Digital Europe Programme under grant agreement No. 101190492. It was launched in response to a call for proposals aimed at supporting the implementation of the CRA through practical tools and automation. 

Led by LSEC (Leaders In Security) and supported by a consortium of cyber security experts—including Resillion—CRACY is designed to simplify and streamline the compliance process for businesses of all sizes. 

Why CRACY Matters 

The CRA introduces a new regulatory framework that requires digital products to be designed securely, protected against vulnerabilities, and supported throughout their lifecycle with timely updates and patches. These requirements apply to all digital products sold in the EU, whether standalone or integrated into other systems. 

For many organisations, especially those without dedicated cyber security teams, meeting these standards can be daunting. CRACY addresses this challenge head-on by offering a suite of tools and services that make compliance more accessible, efficient, and cost-effective. 

Key Features of CRACY 

CRACY provides a robust and integrated set of resources designed to support businesses in achieving compliance with the EU Cyber Resilience Act. At the heart of the initiative is a focus on helping organisations identify the essential security requirements relevant to their digital products. By clarifying what is needed from a regulatory standpoint, CRACY enables companies to take a more targeted and efficient approach to cyber security. 

In addition to identifying requirements, CRACY supports businesses in evaluating and enhancing their secure development processes. This includes guidance on best practices and tools that promote secure-by-design principles throughout the product lifecycle. The initiative also simplifies the often burdensome task of managing compliance documentation. Through automation and structured templates, CRACY helps organisations maintain accurate records and streamline the process of demonstrating conformity with CRA standards. 

Furthermore, CRACY equips businesses with tools to detect and address vulnerabilities through structured testing and validation. These capabilities are essential for maintaining product integrity and ensuring ongoing compliance. By integrating these functions into a single framework, CRACY significantly reduces the time, effort, and cost typically associated with meeting regulatory requirements, making cyber security compliance more accessible. 

The CRACY toolkit includes: 

☑️Security technology and testing software. 

☑️Checklists for security requirements and controls. 

☑️Self-assessment and self-attestation tools. 

☑️Software for identifying security flaws. 

☑️Services for publishing and validating Software Bills of Materials (SBOMs). 

These tools are designed not only to support compliance but also to foster a culture of cyber security resilience across the European digital ecosystem. 

Focus on Important PDEs 

CRACY places special emphasis on “important products with digital elements,” those that play a critical role in the security of other systems.  

Examples include: 

• Password managers 

• Microcontrollers 

• Industrial firewalls 

• Operating systems 

By targeting these high-impact products, CRACY aims to strengthen the overall cyber security posture of the European market. 

Supporting SMEs 

One of CRACY’s core missions is to empower SMEs, which often lack the resources to navigate complex regulatory landscapes. By providing user-friendly tools and clear guidance, CRACY enables smaller businesses to meet CRA requirements without the need for extensive in-house expertise. 

This focus on SMEs aligns with the broader goals of the Digital Europe Programme, which seeks to ensure that all European businesses, regardless of size, can thrive in a secure and resilient digital environment. 

A Collaborative Effort 

CRACY is the result of a collaborative effort by a diverse consortium of organisations, such as Timelex, Co-Dex, Keysight, and Resillion, amongst many others.  

Each partner brings unique expertise to the table, ensuring that CRACY is built on a foundation of technical excellence, regulatory insight and practical experience. 

What’s Next? 

The CRACY project is currently in development, with the first version of its product suite expected to launch soon. Businesses interested in staying ahead of CRA compliance are encouraged to pre-register via the CRACY website at cra-cy.eu/contact.  

By signing up, you’ll be among the first to access CRACY’s cutting-edge tools and receive updates on the project’s progress. 

 Learn More 

At Resillion, we’re committed to building a safer digital future. By contributing to CRACY, we’re helping to ensure that businesses across Europe can meet cyber security standards with confidence, clarity, and cost-efficiency. 

To learn more, contact our team at Resillion at [email protected].