CRA and NIS2: how to approach the new European cybersecurity requirements


    Date: 15 May 2026

    Venue: Auditorium on the Bizkaia Technology Park. Building 101

    Time: 9:00 am - 1:30 pm

    Price: Free

    Cybersecurity and European regulation: how to prepare for the CRA and the NIS2 Directive

    The new European regulatory framework on cybersecurity poses significant challenges for companies that develop, integrate or operate digital technologies. In this context, TECNALIA is analysing the implications of the Cyber Resilience Act (CRA) and the NIS2 Directive, and sharing practical tools and approaches to help organisations understand their impact and anticipate their requirements.

    TECNALIA is taking part in this meeting to analyse the Cyber Resilience Act and the NIS2 Directive, addressing how these regulatory frameworks affect companies of different sectors and sizes, and what is essential to prepare effectively for the new European cybersecurity requirements.

    A new regulatory landscape in cybersecurity

    The European Union is moving towards a more demanding regulatory framework with the aim of strengthening the security of digital products and services.

    • The Cyber Resilience Act (CRA) establishes mandatory cybersecurity requirements throughout the entire life-cycle of products with digital elements, from design and development to withdrawal from the market, directly linking compliance to access to the European market.
    • The NIS2 Directive, applicable from October 2024, increases risk management, governance and incident response obligations for organisations in critical and relevant sectors.

    In this conference, TECNALIA will analyse how both regulatory frameworks interact with each other, their real impact on business activity and their strategic implications at a technological and organisational level.

    Technical, organisational and legal implications

    The meeting will provide a clear and applied overview of the main obligations these regulations impose on manufacturers of connected products, software developers and technology service providers.

    • It will address key issues such as essential cybersecurity requirements, vulnerability management, security updates, technical documentation and conformity assessment processes required to operate in the European market.
    • It will also analyse the specific impact of the NIS2 Directive on SMEs and organisations providing critical services to third parties, focusing on its technical, organisational and legal implications, and how to integrate these requirements effectively into business management and decision-making.

    Practical tools and case studies

    • The conference includes a practical demonstration of SAC Composer, a tool to address CRA compliance in a structured, systematic and traceable way.
    • Realistic action plans for moving forward with NIS2 compliance will also be presented, along with a mapping of the directive to other regulations and reference standards.
    • The programme is rounded off with a practical case study that translates legal and technical requirements into real company situations, facilitating the understanding of how to convert regulations into concrete operational decisions.

    Expert knowledge and networking

    Speakers will include Javier Puelles and Iker Lasa, TECNALIA colleagues with extensive experience in cybersecurity and digital technologies, and Ander Galisteo, Director of Industrial Cybersecurity at Cybertix.

    The conference will conclude with a networking space to facilitate the exchange of experiences between speakers and attendees.

    Key contents

    • Essential requirements of the Cyber Resilience Act and obligations of economic operators
    • Conformity assessment, vulnerability management and associated CRA documentation
    • Main technical and organisational requirements of the NIS2 Directive
    • Practical measures for NIS2 compliance and integration with other regulations
    • Tools and examples for creating a realistic action plan

    Aimed at:

    • Companies manufacturing connected products or products with digital components
    • Software, firmware, application and embedded component developers
    • Technology service, cloud or digital infrastructure providers
    • Heads of cybersecurity, IT, quality, development, compliance and product management
    • Technical, legal and management teams involved in regulatory compliance

    *This conference will be held in several locations on different dates, with the same content and approach in all sessions.

    Check out the full programme and register to anticipate the new European cybersecurity requirements and build your organisation’s resilience.
