IoT devices put on the market after November 2024 have to comply with the CRA!
Gone are the days of lax security – secure-by-design is now the law of the (development) land . Patching up vulnerabilities after the fact won't cut it anymore – proactive threat mitigation, vulnerability assessments, and secure updates become the norm. But with limited resources and entrenched development models, adapting to this paradigm shift will be no mean feat.
The European legislations grasp extend beyond initial compliance, demanding continuous monitoring throughout the device's lifespan. Newly discovered software vulnerabilities can render your once-compliant device or software into a potential threat. But ensuring this perpetual state of cybersecurity is daunting. Resources stretch thin, and hidden flaws can hide in the shadows.
Internal resources, already stretched thin, may buckle under the burden of revamped processes, specialized expertise, and ongoing monitoring infrastructure. The CRA is a feat made for security giants, not smaller innovator. Collaboration, innovative solutions, and regulatory support from i46 will be crucial to ensure CRA compliance does not become a luxury.
The Cyber Resilience Act (CRA) in the European Union has raised the bar for IoT device security. i46 is here to help manufacturers and distributors navigate this new regulatory landscape.
For them, we offer comprehensive services, including initial and full assessments to identify security gaps, certification guidance to ensure compliance, and ongoing monitoring to maintain device security.
For non-EU companies, we also provide EU representation services.
Our state-of-the-art laboratory, equipped with a private 5G network, allows us to test even the most unconventional IoT devices, including those without operating systems, ensuring compliance for a wide range of devices.
By partnering with i46, IoT manufacturers can not only meet the requirements of the CRA but also enhance the security of their IoT devices, benefiting both their business and their customers.
Every journey begins with a single step.
With us, your path to CRA compliance starts with a swift and thorough Initial Assessment. This first phase, lasting just one working day, is entirely free of charge and designed to quickly determine if your product aligns with our certification capabilities.
In Phase 2, we uncover the exact changes your product needs to undergo in order to become CRA compliant. Our experts conduct a comprehensive assessment, leaving no stone unturned to ensure your product aligns with the stringent requirements of these European regulations.
Reaching compliance is now within sight.
Phase 3, Certification, seals the deal, ensuring your IoT devices are not only secure but recognized as such.
During this phase we ensure that the issues identified in Phase 2 have been addressed and establish the EU Authorized Representative contract, fulfilling the requirement for non-EU companies to have a Representative in the EU.
In Phase 4, i46 focuses on continuous monitoring, ensuring your devices remain compliant with the Cyber Resilience Act throughout the lifetime of your devices. During this phase, we will conduct annual reviews of your product, and may exercise our mandate as EU Authorized Representatives if the occasion to do so arises.
↙
Includes EU Authorised Representative Services !
Every journey begins with a single step. And with us, that first step towards compliance is remarkably swift, thorough, and completely free. The Initial Assessment a one-day dive into your product's security posture, designed to clarify your path forward.
Our dedicated experts will scrutinize your documentation, architecture, and development processes. Within a day, you will receive a clear roadmap for achieving a robust, CRA-compliant future.
• General product description
• Certification Approval : In most cases, we will confirm your product's eligibility for i46 certification within one working day.
The Full Assessment is a meticulous and comprehensive evaluation of your product or software, designed to provide you with a clear roadmap for achieving compliance.
Our experts will delve into every aspect of your product: architecture, security posture, development processes, data handling, and potential vulnerabilities. No detail is overlooked as we analyze your product against the stringent CRA standards.
The result is a personalized action plan, outlining the precise adjustments needed to ensure your product meets all compliance criteria.
• Design documents (if available),
• A detailed list of changes required for certification, pinpointing areas for improvement and ensuring compliance with the CRA's robust security standards.
Building on the roadmap built in the previous phase, this phase takes your product on a transformative journey towards CRA compliance.
We focus on two key objectives: ensuring that all identified vulnerabilities identified earlier have been fixed and generating comprehensive compliance documentation.
This phase is more than just technical wizardry; it is the guarantee of CRA compliance At the end of this phase, we hand you the keys to compliance, empowering you to navigate the CRA landscape with confidence and ease.
• All issues uncovered during the assessment have been meticulously addressed,
• Certification documents that attest to your device's compliance: EU Certificate of Conformity, Technical Documentation and CE marking,
Non-EU companies looking to sell their connected devices and software in the European market face a hurdle: the Cyber Resilience Act demands a designated EU Authorised Representative.
This trusted legal entity acts as your bridge to the EU, ensuring your products comply with the Act's reporting requirements and assessment requirements.
But what exactly does it mean to have an Authorised Representative ? Think of it as a business and technical partner. From handling technical documentation and conformity assessments to dealing with authorities and responding to incidents, your representative becomes your voice in the EU.
This is where i46 revolutionizes the game. Unlike other providers who charge hefty fees for this essential service, i46 includes EU Authorized Representation as part of its basic package. This means unparalleled accessibility and affordability – a game-changer for smaller companies and startups who might otherwise be priced out of the European market.
With i46 as your EU Authorized Representative, you gain an experienced partner, not just a compliance checkbox
Achieving CRA compliance is a crucial first step, but ensuring your product remains compliant is a marathon, not a sprint.
In this phase, Continuous Monitoring, is where i46.io becomes your unwavering guardian, safeguarding your CE certification and, hence, CRA compliance throughout your product's lifecycle.
• i46.io Server as Your Compliance Guardian: All CRA-compliant devices leverage the i46.io server for continuous monitoring, ensuring timely detection and response to potential threats,
• Automatic Notifications, Keeping Everyone Informed : In case of a security issue, we automatically notify both end users and relevant authorities, aligning with legal requirements and fostering transparency,
↙
╰┈➤