CRA 5-Minute Primer
The EU Cyber-Resilience Act (CRA) is a landmark law that makes cybersecurity a mandatory, legal requirement for all "products with digital elements" sold in the European Union. For the first time, secure-by-design principles are moving from best practice to a legal obligation, enforced through CE marking.
CRA Harmonised Standards
Why this matters now
CRA Readiness Gap Analysis
A practical CRA readiness checklist for connected-product teams assessing scope, secure-by-design controls, vulnerability handling, technical documentation, evidence gaps, and next actions.
Cyber-Resilience Act (CRA)
1. Why the CRA matters now
FDA Cybersecurity
1. Why FDA Cybersecurity Requirements Matter
First-Sprint Checklist
Use this checklist when a connected-product team needs to start secure-by-design work quickly and turn it into sprint-sized actions.
In Vitro Diagnostic Regulation (IVDR)
1. Why the IVDR matters for connected devices
Medical Device Regulation (MDR)
1. Why the MDR matters for connected devices
NIS 2 Directive
1. Why NIS 2 matters now
PECR (UK)
1. Why PECR matters for Connected Devices
PSTI Act (UK)
1. Why PSTI matters now
Radio Equipment Directive (RED)
1. Why the RED cyber rules matter now
Secure-by-Design Evidence Pack
A secure-by-design evidence pack is a structured collection of documents, records, and technical artefacts that helps show how a connected product was designed, built, assessed, released, supported, and maintained.
User Information & Documentation
1. Introduction to User Documentation