News

Build a CRA security compliance system to escort enterprises to go overseas with high quality

Author:CTTL-T Published at:2026-03-23

As the EU continues to strengthen cybersecurity regulations, the EU's Cyber Resilience Act (CRA) has become a mandatory regulation in Europe and a compliance access requirement for digital products to enter the EU market. The regulation establishes a unified cybersecurity baseline for all "products with digital elements", runs cybersecurity throughout the entire product life cycle, and implements differentiated hierarchical supervision based on the core functions and importance of the product.

On December 10, 2024, the Official Journal of the European Union officially released the Cyber Resilience Act (CRA), marking a critical stage in the implementation of the CRA. On June 11, 2026, EU member states will appoint an official compliance assessment body; On September 11, 2026, relevant manufacturers began to fulfill mandatory reporting obligations for vulnerabilities and serious security incidents; On December 11, 2027, all new products with digital elements will be subject to CRA mandate and must fully meet the requirements of the CRA before they can be marketed in the EU market.

The European Telecommunications Standards Institute (ETSI) has recently released a series of draft cybersecurity standards for CRA, including browsers, operating systems, VPNs, network devices, smart home products, wearable devices and other software and hardware products, providing unified cybersecurity technical requirements for different digital products to support digital products to comply with CRA regulations.

Relying on the technical accumulation and practical experience in the field of network and data security, the CTTL Terminal Labs (CTTL-T) of China Academy of Information and Communications Technology (CAICT) officially launched the CRA compliance assessment service. Focusing on CRA regulations and related standards, the laboratory provides enterprises with one-stop services for the whole process such as in-depth interpretation of regulations and standards, compliance gap analysis, technical documentation preparation, and security function testing, and sets compliance assessment paths for digital products of different types and application scenarios according to the security risk level of the product, so as to help enterprises build a digital product security development life cycle system.

At present, the laboratory has security certification capabilities such as EU EN 18031 and ETSI EN 303 645, as well as IT product information security certification capabilities of China Cybersecurity Review Technology and Certification Center (CCRC), and has completed the security evaluation and certification of hundreds of products such as chips, operating systems, application software and various hardware devices, covering smartphones, handheld terminals, Bluetooth headsets, smart bracelets, laptops, Internet of Things gateways and other categories. In the future, the laboratory will continue to deepen the field of network and data security technology, continuously improve the research and evaluation capabilities of CRA security compliance, and help enterprises build a complete CRA security compliance system with excellent technical strength and efficient support services, build a solid network security foundation, and escort enterprises to go overseas with high quality.

If you would like to inquire about CRA compliance assessment, please contact us!

Mrs. Yuan

13910330232
yuanqi@caict.ac.cn