We’re excited to unveil CRACY, a groundbreaking initiative designed to help businesses effortlessly meet the security requirements of the new EU Cyber Resilience Act. This project aims to streamline compliance, empowering companies to adopt effective strategies for developing safer products and digital services. CRACY has received EU backing as part of the Digital Europe Programme from the European Commission through the European Cybersecurity Competence Centre (ECCC). 

With a special emphasis on small and medium-sized enterprises (SMEs), CRACY will equip companies with the tools and methods needed to evaluate their PDEs, enhance secure development processes and manage compliance documentation to officially meet the EU Cyber Resilience Act (CRA) standards.  

By helping businesses pinpoint essential security requirements, address vulnerabilities and navigate compliance procedures, CRACY aims to significantly cut the costs associated with meeting CRA standards. 

CRACY is set to boost cybersecurity across Europe, also focusing on important products with digital elements (‘important PDEs’) that are vital to the security of other products. Think password managers, microcontrollers, industrial firewalls and operating systems. 

CRACY will offer a suite of tools, including security technology, checklists for security requirements, self-assessment and self-attestation controls, testing software, and tools to identify security flaws. It will also provide services for publishing and validating software bills of materials (SBOMs), among other resources. 

This initiative was launched in response to a call for proposals under the EU Digital Europe Programme, which aims to support the implementation of the Cyber Resilience Act by providing tools that facilitate and, where possible, automate internal compliance procedures, including testing and specification drafting, with a focus on European SMEs. 

The EU Cyber Resilience Act establishes cybersecurity requirements for all digital products sold in the EU, ensuring secure design, protection against vulnerabilities and lifecycle support, including timely updates and patches. These rules apply to all digital products sold in the EU, whether standalone or integrated into other systems. 

The CRACY consortium includes Ceeyu, Co-Dex, ExcID, IDLab/imec, Jimber, LSEC, NCC-RO, Positium, Resillion, SOFT/VUB, Timelex and Toreon. The project is coordinated by LSEC, based in Leuven, Belgium. 

For more information and contacts, reach out to us or contact [email protected].