EU Cyber Resilience Act
Product compliance self-assessment
This assessment helps manufacturers of connected industrial products understand their CRA compliance posture and identify priority gaps before the enforcement deadline.
Company name
Primary product category
Does your product connect to external networks (Ethernet, Wi-Fi, cellular, OPC-UA, MQTT)?
Section 1 of 4
Security by design
CRA Article 13 requires security to be considered throughout the product development lifecycle — not added after the fact.
Does your product development process include a documented threat model or security risk assessment?
Are security requirements formally tracked during product design (e.g. in requirements documents or a security specification)?
Is secure coding guidance (e.g. input validation, memory safety) applied and reviewed during development?
Section 2 of 4
Vulnerability & patch management
CRA Annex I requires manufacturers to handle vulnerabilities for the supported lifetime of the product and provide timely security updates.
Does your company have a process for receiving and triaging vulnerability reports from third parties?
Can your product receive security firmware/software updates over the network (OTA or remote push)?
Do you maintain a Software Bill of Materials (SBOM) listing third-party components and libraries in your product?
Section 3 of 4
Network security & access control
CRA Annex I requires products to protect the confidentiality and integrity of data, limit their attack surface, and enforce least-privilege access.
Does your product enforce authentication before allowing remote access or configuration changes?
Is network traffic to/from the product encrypted in transit (e.g. TLS, DTLS, encrypted OPC-UA)?
Can your product detect and log anomalous network behavior or unauthorized access attempts?
This capability may be built into the device firmware or handled by an embedded network monitoring component.
Section 4 of 4
Documentation & conformity
The CRA requires manufacturers to maintain technical documentation and to provide end-users with security information, including for CE marking conformity.
Does your product have technical documentation describing its security architecture, interfaces, and configuration options?
Do product manuals or data sheets inform end-users how to configure the product securely?
Has your company engaged a conformity assessment body (e.g. TÜV, BSI, SGS) for CRA or any related cybersecurity certification?
Almost done
Receive your report
Enter your contact details to generate your personalised CRA gap assessment report. Wesley AI will follow up with implementation guidance.
Your contact details will be shared only with Wesley AI Inc. for follow-up on your assessment. We do not share your data with third parties.