Secure CE Marking under the Cyber Resilience Act
CRA Cyber Resilience Act CE-Marking
CE marking under the Cyber Resilience Act (CRA) is essential for market access of digital products in the EU. We support you with complete conformity assessment and secure CE marking.
- ✓Legally sound CE marking in accordance with CRA requirements
- ✓Complete conformity documentation and evidence management
- ✓Ensuring EU market access for your products
- ✓Minimization of legal and liability risks
Your strategic success starts here
Our clients trust our expertise in digital transformation, compliance, and risk management
30 Minutes • Non-binding • Immediately available
For optimal preparation of your strategy session:
- Your strategic goals and objectives
- Desired business outcomes and ROI
- Steps already taken
Or contact us directly:
Certifications, Partners and more...
CE Marking Under the Cyber Resilience Act (CRA)
Our Expertise
- In-depth knowledge of the Cyber Resilience Act and EU legal framework
- Experience in conformity assessment procedures and CE marking processes
- Practical support with technical documentation
- Comprehensive consulting from analysis through to market launch
⚠
Legal Notice
CE marking under the CRA will be mandatory from 2027 for digital products with cybersecurity relevance. Early preparation is essential for timely market readiness.
ADVISORI in Numbers
11+
Years of Experience
120+
Employees
520+
Projects
We guide you through all phases of CE marking under the Cyber Resilience Act in a structured manner.
Our Approach:
Product analysis and CRA applicability assessment
Selection of the appropriate conformity assessment procedure
Execution of required tests and assessments
Preparation of complete technical documentation
CE marking and market launch clearance
"With ADVISORI, we found a reliable partner for CE marking under the Cyber Resilience Act. The professional guidance through the complex conformity process ensured the timely marketability of our products."
Sarah Richter
Head of Information Security, Cyber Security
Expertise & Experience:
10+ years of experience, CISA, CISM, Lead Auditor, DORA, NIS2, BCM, Cyber and Information Security
Our Services
We offer you tailored solutions for your digital transformation
CRA Applicability Analysis
Comprehensive assessment of CRA applicability to your products and their classification.
- Detailed product analysis and scope definition
- Classification according to CRA product categories
- Assessment of applicable security requirements
- Roadmap for the conformity assessment
Conformity Assessment and Documentation
Execution of the complete conformity assessment and preparation of all required documentation.
- Selection and execution of appropriate assessment procedures
- Technical documentation in accordance with CRA requirements
- EU declaration of conformity and CE marking
- Market surveillance and compliance monitoring
Our Competencies in CRA Cyber Resilience Act Conformity Assessment
Choose the area that fits your requirements
CRA Cyber Resilience Act External Audits
Professional support and preparation for external CRA audits by accredited testing bodies. We ensure successful certification and long-term compliance for critical digital products.
CRA Cyber Resilience Act Self-Assessment
Professional support for structured self-assessment under the EU Cyber Resilience Act. We guide you through the complete self-assessment process for compliant digital products.
Frequently Asked Questions about CRA Cyber Resilience Act CE-Marking
What does CE marking mean under the Cyber Resilience Act (CRA)?
CE marking under the CRA certifies that a digital product meets the EU essential cybersecurity requirements. From December 2027, it will be mandatory for all products with digital elements — software, IoT devices and connected hardware — sold on the EU market. Without CE marking, market access will no longer be permitted.
Which products require CRA CE marking from 2027?
The CRA applies to all products with digital elements that can be directly or indirectly connected to a network. This includes standalone software, operating systems, IoT devices, smart home products, industrial control systems, apps and embedded software. Only products already covered by specific EU regulations (e.g. medical devices, aviation) are exempt.
How does the conformity assessment for CRA CE marking work?
The path to CE marking involves five steps: 1) Product classification (Default, Class I, Class II or Critical), 2) Meeting the cybersecurity requirements from Annex I, 3) Performing the appropriate conformity assessment (self-assessment or third-party audit), 4) Preparing technical documentation and EU declaration of conformity, 5) Affixing the CE marking.
What is the difference between self-assessment and third-party audit under the CRA?
Default category products can perform an internal conformity assessment (self-assessment). Class I, Class II and critical products require assessment by an independent Conformity Assessment Body (Notified Body). The first CABs will begin operations from June 2026.
What are the key deadlines for CRA CE marking?
Key deadlines: From September 2026, manufacturers must report actively exploited vulnerabilities and serious security incidents. From June 2026, Conformity Assessment Bodies begin operations. From December 2027, all CRA requirements apply in full — no EU market access without CE marking.
What penalties apply for missing CRA CE marking?
Non-compliance with the essential cybersecurity requirements can result in fines of up to EUR
15 million or 2.5% of global annual turnover — whichever is higher. Additionally, national market surveillance authorities can order product recalls or market bans.
What must the technical documentation for CRA CE marking contain?
Technical documentation must include a risk analysis, description of cybersecurity measures, Software Bill of Materials (SBOM), test results, vulnerability management concept and evidence of compliance with Annex I requirements. This documentation must be retained for
10 years.
Success Stories
Discover how we support companies in their digital transformation
Digitalization in Steel Trading
Klöckner & Co
Digital Transformation in Steel Trading
Case Study
Results
Over 2 billion euros in annual revenue through digital channels
Goal to achieve 60% of revenue online by 2022
Improved customer satisfaction through automated processes
AI-Powered Manufacturing Optimization
Siemens
Smart Manufacturing Solutions for Maximum Value Creation
Case Study
Results
Significant increase in production performance
Reduction of downtime and production costs
Improved sustainability through more efficient resource utilization
AI Automation in Production
Festo
Intelligent Networking for Future-Proof Production Systems
Case Study
Results
Improved production speed and flexibility
Reduced manufacturing costs through more efficient resource utilization
Increased customer satisfaction through personalized products
Generative AI in Manufacturing
Bosch
AI Process Optimization for Improved Production Efficiency
Case Study
Results
Reduction of AI application implementation time to just a few weeks
Improvement in product quality through early defect detection
Increased manufacturing efficiency through reduced downtime
Let's
Work Together!
Is your organization ready for the next step into the digital future? Contact us for a personal consultation.
Your strategic success starts here
Our clients trust our expertise in digital transformation, compliance, and risk management
Ready for the next step?
Schedule a strategic consultation with our experts now
30 Minutes • Non-binding • Immediately available
For optimal preparation of your strategy session:
Your strategic goals and challenges
Desired business outcomes and ROI expectations
Current compliance and risk situation
Stakeholders and decision-makers in the project
Prefer direct contact?
Direct hotline for decision-makers
Strategic inquiries via email
Detailed Project Inquiry
For complex inquiries or if you want to provide specific information in advance