Status of CRA standardization by committees only at 25%

We provide proactive, transparent and continuous information as soon as relevant news is available.

Status: February 2026

Why the CRA is coming:

A ransomware attack occurs every 11 seconds worldwide. The resulting damage runs into the billions every year. To counteract this, the EU Parliament passed the Cyber Resilience Act (CRA) in October 2024.
From December 11, 2027, new products with digital components must meet the CRA requirements. The deadline for manufacturers to fully implement all requirements ends on this date.
The CRA obliges manufacturers to, among other things

• ensure cyber security throughout the entire product life cycle
• continuously rectify known vulnerabilities
• document clear security processes
• comply with technical standards
  Products without CRA conformity can no longer bear the CE marking and may therefore no longer be sold in Europe.

State of regulation:

• The BSI has announced that it will become the market surveillance authority for the CRA in Germany.
  Source: https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2025/251007_CRA_BSI_marktueberwachende_Behoerde.html
• The scope of the CRA is very comprehensive and affects almost all products with digital components.
• European standardization is currently only around 25% of the way to the target - industrial standards in particular are still in draft form.
  Source: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CRA/Dashboard_CRA.pdf?__blob=publicationFile&v=5

As many requirements have not yet been finally defined, no supplier can currently reliably confirm full CRA conformity.

What Wachendorff Prozesstechnik is already doing:

We have been working closely with our suppliers for over a year to prepare our product portfolio for the new requirements at an early stage.

Industrial PCs:

• Focus on operating systems with long update runtimes
• Use of Microsoft Windows LTSC and Canonical Ubuntu LTS
  → Both offer long-term security updates of at least 10 years
  → Important technical prerequisite for later CRA conformity
• The following series support TPM 2.0 (Trusted Platform Module) (with Win 11):
  AUHMI, FABS, ARCHMI, PhanTAM, NuTAM, AiTRON, ABOS, ViTAM-8B and ViTAM-9D support TPM 2.0.

Remote maintenance solutions (HMS Ewon & Talk2m):

• HMS already has an established ISO 27001 ISMSthat covers large parts of the CRA process landscape
• Ewon products already fulfill IEC 62443 - an essential technical building block for CRA implementation
• General information on cyber security

We are currently introducing step-by-step measures that all contribute to the goal of "CRA conformity".