
Onekey has introduced a programme called “CRA Fast Start” that allows manufacturers of networked devices, machines, and systems to efficiently and systematically verify their products’ compliance with the new EU security standard, the Cyber Resilience Act (CRA).
According to estimates, the cybersecurity directive affects hundreds of millions, if not billions, of digital products in the EU. After the transition periods have expired, products will only be permitted to be placed on the market if manufacturers can demonstrate continuous vulnerability management, documented security processes, and ongoing monitoring of their software and firmware components throughout the entire product life cycle. Onekey’s “CRA Fast Start” is accordingly based on three pillars: CRA Readiness Assessment, systematic vulnerability management, and continuous monitoring.
The programme is designed for organisations at different stages of Cyber Resilience Act readiness. For manufacturers approaching the CRA for the first time, the assessment provides structured guidance and an initial orientation. Companies already familiar with the regulation and seeking faster implementation can move directly into vulnerability management and continuous firmware monitoring.
Additionally, a compliance check and a Onekey Compliance Wizard support the initial CRA compliance review. The Onekey Compliance Wizard is continuously developed and adapted to future regulatory requirements and expected harmonised standards.
“With CRA Fast Start, we enable manufacturers to systematically and quickly implement the required CRA compliance,” said Jan Wendenburg, Onekey’s CEO, explaining the new offering.
A key component of the new programme is an initial, structured CRA Readiness Assessment. This assessment involves analysing a company’s current level of maturity in relation to CRA requirements. In addition to product requirements, the assessment examines, among other things, processes for addressing vulnerabilities, software bill of materials (SBOM) documentation, and organisational responsibilities.
Based on the results, compliance gaps can be identified and prioritised action steps can be defined. Onekey particularly recommends this assessment to companies that are unsure of the extent to which they are affected by the CRA and what they need to do.
According to Onekey, the CRA requires manufacturers, among other things, to systematically identify, assess, and remedy vulnerabilities throughout the entire product life cycle.
The company goes on to stress that there is no time to waste. Starting in 2026, the Cyber Resilience Act stipulates that actively exploited vulnerabilities must be reported to national authorities within 24 hours. Starting in 2027, all affected products must meet the full security requirements, including documented vulnerability management processes. Companies that fail to meet these deadlines risk fines of up to €15 million or 2.5 percent of their global annual turnover.








