AI-Driven. Expert-Guided Simplifying CRA for SMEs

Our Project Story

Welcome to Project CRA-AI

The CRA-AI project will create a highly automated AI-based software platform to support SMEs and micro-enterprises at every stage of their journey to ensure conformity with the provisions of the Cyber ​​Resilience Act”.  The project is co-funded by the European Commission and supported by the  European Cybersecurity Competence Centre through the Digital Europe Programme, within the call DIGITAL-ECCC-2024-DEPLOY-CYBER-06-COMPLIANCECRA, type of action: DIGITAL JU SME Support Actions.

The overall objective of the CRA-AI project is to develop an automated software platform that will guide organisations through the process of obtaining and maintaining the CE Mark, in line with the requirements of the Cyber ​​Resilience Act (CRA). This legislation is an important part of the EU Cybersecurity Strategy and will establish a CE Mark for cybersecurity. The application of the mark on a digital product or service requires manufacturers to demonstrate that they meet the relevant cybersecurity standards, including the essential requirements in Annex 1 and the documentation obligations in Annex 2 of the CRA. As identified in the Impact Assessment carried out by the European Commission, achieving this will be challenging for many organisations, in particular small and medium-sized enterprises (SMEs). To support the widespread adoption of the CRA, this project will develop an automated software platform that will guide organisations through the process of obtaining and maintaining the CE Mark. The platform will include the features necessary for full alignment with the requirements of Annexes 1 and 2 of the CRA, including any common specifications created with regard to the essential requirements.

The project consortium bring together cyber security expertise from six member states including Ireland, Spain, France, Belgium, Romania and Lithuania.  Each consortium member bring specific skills and capabilities in order to address the complex requirements of the Cyber Resilience Act.  Our experts span domains such as software development, AI, CRA expertise, IoT and OT certification, EUCC, vulnerability handling, secure code analysis, penetration testing and training.