Cyber Resilience Act Compliance Services

Cyber Resilience Act (CRA) compliance services that help organisations understand regulatory requirements, assess readiness, and prepare products with digital elements for compliance with Regulation (EU) 2024/2847.
Gabrielius Vinciūnas
Head of Information Security
Vitalis Kavaliauskas
Chief Technology Officer

CRA Compliance Offers

CRA gap analysis

Identify CRA compliance gaps and understand what actions are required before placing products with digital elements on the EU market.
Initial infrastructure review.
Product classification (Class I & II risks).
CRA product risk assessment.
Review of cyber security design practices.
Regulatory gap analysis.
Deliverables:
CRA compliance roadmap with prioritised remediation actions and compliance recommendations.
Program-and-project-management

Technical documentation & SBOM strategy

Support with preparing the documentation and evidence required to demonstrate CRA compliance.
Mandatory risk assessments.
Technical documentation preparation.
SBOM strategy development.
Automated SBOM generation processes.
Testing evidence collection.
Deliverables:
Audit-ready technical documentation package.
Process-automation

Pre-audit preparation

Preparation for CRA conformity assessment.
CRA conformity assessment.
Notified body preparation.
EU declaration of conformity CRA.
Deliverables:
EU Declaration of Conformity template.

CISO as a Service for CRA compliance

Ongoing cyber security leadership and advisory support for organisations preparing for and maintaining CRA compliance.
Virtual CISO support.
Security governance.
Ongoing security testing alignment
Vulnerability management processes.
Supply chain vendor assessments.
Deliverables:
Continuous CRA compliance oversight and cyber security guidance.

Our CRA Compliance Process

01

Gap analysis

We assess your products, processes, and security practices against CRA requirements and identify compliance gaps.
02

Compliance roadmap

Assessment findings are translated into a practical roadmap outlining remediation priorities, documentation requirements, and conformity assessment activities.
03

Secure development & SBOM implementation

We help establish secure software development lifecycle practices and implement Software Bill of Materials (SBOM) processes.

04

Conformity assessment & validation

We review documentation, security controls, and testing evidence to prepare products for CRA conformity assessment.

05

Ongoing advisory

We provide ongoing support for vulnerability management, security governance, supply chain security, and evolving CRA requirements.

Who We Help

>

Manufacturers of products with digital elements

Software products
IoT devices
Embedded browsers

Authorised EU representatives

Non-EU manufacturers
Regulatory representation
EU market access
ENISA regulations

Importers

Importers of Connected Tech
Product verification
Compliance obligations

Distributors

Product distribution
Market surveillance
Compliance verification

Why Baltic Amadeus

Cyber security & compliance expertise.

Experience with EU regulatory frameworks.

Practical implementation support.

Certifications

TÜV Thüringen certified ISO 9001 logo with red checkmark and website URL.
ISO 9001
Certification mark for TÜV Thüringen with a red checkmark and a red mask symbol.
ISO 27001
CISSP certification badge with white text on a green rounded square background.
CISSP
CISM Certified Information Security Manager logo with green circular design and blue text.
CISM

FAQ

How does Baltic Amadeus help customers with the CRA?

We help organisations assess readiness, prepare technical documentation, implement SBOM strategies, prepare for conformity assessments, and establish ongoing compliance processes.

Do non-EU companies need CRA compliance?

Yes. Any organisation placing products with digital elements on the EU market must comply with CRA requirements, regardless of where the company is based.

When does the Cyber Resilience Act (CRA) take effect, and what is the timeline?

The CRA entered into force in 2024. Vulnerability reporting obligations apply earlier, while most compliance requirements become mandatory from December 2027. Organisations should start preparing well before enforcement deadlines.

Case Studies

Related Services

Let’s talk about your project

Starting something new or need support for an existing project? Reach out, and our experts will get back to you within one business day.

Start the conversation

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.