The Cyber Resilience Act (CRA) is a regulation designed to enhance cybersecurity for products mainly sold in Europe. It establishes common cybersecurity standards for hardware and software, requiring manufacturers to build security into their products from design through the products’ complete lifecycle. It’s this latter concept that can be troubling, as sometimes devices stay in use for a long, long time. 

So what’s a manufacturer to do? That’s the concept that was on the table for this week’s Embedded Executives podcast with Eystein Stenberg, founder and CTO of Northern.tech.