EU Cyber Resilience Act (CRA) | European Cyber Resilience Act

The European Cyber Resilience Act (CRA) is the European Commission's new law focused on products with digital elements. It is part of a larger cybersecurity framework that already includes similar requirements such as, for example, the EU Cybersecurity Act, NIS Directive, and, in particular, the NIS2 Directive, which the CRA complements.

Learn how effective risk analysis and threat modeling can simplify CRA compliance and strengthen embedded device security - Watch Now!

Product-Specific

According to the CRA, Products must be:

Delivered without known vulnerability
Include Free Security Patches for at least 5 years, unless the product's estimated lifetime is shorter
Protected with a Security-by-Design approach

Handling Vulnerabilities

Device manufacturers must be able to:

Provide documentation of the Software used, including the Software Bill of Materials (SBOM)
Give early warning in 24h and a full notification in 72h about any vulnerabilities
Address vulnerabilities and provide patches with no delay

Information & Instruction

The following details should be readily available and well-documented:

The intended use of the product
How to remove data from the devices
A description of the product's security features

Torizon Platform is recognized for its robust build system based on the Uptane Framework, which facilitates the creation of custom Linux distributions for embedded systems, playing a crucial role in the development of secure products and applications. Using the Torizon Platform, you are taking advantage of shared collaboration and established best practices, which meet a key requirement of the CRA, including the Software Bill of Materials (SBOM) and CVE reports.

Software Bill of Materials (SBOM)

You want to know exactly what goes into your Software. We publish the SBOMs and CVE reports on every TorizonCore build. They are readily and publicly available, making it easier to comply with vulnerability-handling and documentation requirements.

Secure Boot

Secure Boot is the process of booting an image from a valid trusted source — related to the authenticity check specification — while ensuring it has not been modified in any way, complying with the CRA's integrity clause.

Proven Security Framework

Torizon is built with automotive-grade security in mind, thanks to its Uptane-based architecture. Along with Secure-Boot, it guarantees that what you think you're installing is indeed what is being installed. Furthermore, it prevents tampering with the image.

Reliable Updates Process

Torizon offers out-of-the-box, over-the-air, or physical offline updates via a USB stick or SD Card. This process is secure and verifiable due to several layers of validation and fallback systems that ensure your devices keep working at all times.

Vulnerability Manager

The Torizon security team continuously monitors software for exploitable vulnerabilities, to help you comply with this key requirement of the CRA. Each CVE (often more than 800) undergoes a manual assessment in order to filter out the non-exploitable ones - saving you time and effort compared to managing this process yourself.

Device Monitoring

The Torizon platform allows you to check in on any unit, at any time. It also allows you to customize the metrics you'd like to keep track of, such as CPU performance, the device's temperature, overall status, and more. This allows you to preempt any vulnerabilities and roll out patches promptly.

Webinar

Making Cybersecurity Compliance Easier with NXP, Doulos, and Torizon: Risk Analysis and Threat Modeling

Watch Now

Video

How TI and Toradex streamline cybersecurity, usability and time to market

Watch Now

Webinar

Simplify Development and Cybersecurity Compliance with Texas Instruments' Family of MPUs

Watch Now

Blog

The Cyber Resilience Act is here

Learn More

Blog

Getting Ready for the EU Cyber Resilience Act with Security Hardening of U-Boot

Learn More

Webinar

Get a head start on EU Cyber Resilience Act compliance with Embedded Linux

Watch Now

Webinar

Are you really ready for the new EU Cyber Resilience Act?

Watch Now

Video

CVE Monitoring with Torizon

Watch Now

Threat Modeling

May 29, 2026

Making Cybersecurity Compliance Easier: Risk Analysis and Threat Modeling

In this webinar, we will help you understand how to implement a risk assessment strategy that’s aligned with evolving regulatory requirements. It’s useful for anyone interested in maximizing the security of connected devices, but essential viewing if you're leading development, product security or compliance.

Jenirathese Nadar,

System Sales Lead - Security, NXP Semiconductors

Adrian Thomasset,

Senior Member Technical Staff, Doulos

Jon Oster,

Torizon Security - Principal Architect, Toradex

Threat Modeling

May 06, 2026

Embedded Threat Modeling: Overcoming CRA Cybersecurity Challenges

In this webinar, we will introduce the concept of formal threat modeling, explain how structured threat modeling frameworks can help organizations address Cyber Resilience Act (CRA) requirements, and demonstrate how Toradex System on Modules and Torizon OS help reduce cybersecurity residual risk in embedded systems.

Jon Oster,

Torizon Security - Principal Architect, Toradex

Stefano Viola,

Torizon R&D, Director, Toradex

Cybersecurity

Aug 21, 2025

How TI and Toradex streamline cybersecurity, usability and time to market

Discover how the partnership between Toradex and Texas Instruments (TI) boosts embedded Linux security and supports compliance with the EU Cyber Resilience Act (CRA) and the FDA cybersecurity guidance . Learn how Torizon OS enables secure, efficient development on Toradex SoMs like the Verdin AM62 and Aquila AM69, and how TI integrates Torizon OS into AM62x, AM62P, and AM67 BeagleY-AI starter kits, with broader support coming soon.

Jonathan Humphreys,

Software Senior Member - Technical Staff, Texas Instruments

Daniel Lang,

CMO, Toradex

Secure Boot

Aug 1, 2024

Out-Of-The-Box Secure Boot and Support with Torizon

Torizon now supports Raspberry Pi, generic x86, RISC-V, and many other platforms, providing more flexibility and options for developers! Discover how Torizon is leading the way with secure boot support on the Texas Instruments AM62 System on Module and what's next on the roadmap for enhanced security features.

Sergio Prado,

Trainer and Consultant, Founder of Embedded Labworks

Cybersecurity

Jul 23, 2024

Cybersecurity Compliance with Savoir-faire Linux and Torizon

Discover how Savoir-faire Linux is leveraging Torizon to facilitate secure boot, manage software vulnerabilities, and support a comprehensive Software Bill Of Materials (SBOM) to enhance security from the ground up for customers.