logo
Contact
Collaboration with companies
Lab services
R&D an Innovation Projects
Technological assets
Partly Owned Companies
Accreditations and Recognition
Cases of Success
Material laboratory
Electrical laboratory
Pharmaceutical laboratory
Food laboratory
mechanical testing laboratory
Fire safety testing laboratory
View all
Robotics, automation, and mechatronic control
Cybersecurity
Computer vision and visual interaction
Surface engineering
Artificial intelligence and Big Data
Metals
Nanotechnology
Polymers, composites and bio-based materials
Embedded electronic systems, power and control electronics
Software technologies
View all
Smart manufacturing
Digital transformation
Energy transition
Sustainable mobility
Health and Food
Urban ecosystem
Circular economy
View all
About us
Management organisational chart
Board of Trustees and Patrons
Join TECNALIA
Strategic alliances
Policies and certifications
Transparency
TECNALIA Ventures
myTecnalia
Locations
Work at TECNALIA
Join our team
News
Agenda
Press room
Blog
Downloadable materials
Contact

    How industrial cybersecurity is changing – Cyber Resilience Act

    1 June 2026

    Cyber Resilience Act

    “The Cyber Resilience Act (CRA) marks a turning point: connected products must be secure by design”

    Cyber Resilience Act and connected products: how industrial cybersecurity is changing

    The Cyber Resilience Act (CRA) marks a turning point: connected products must be secure by design. Beyond compliance, cybersecurity has become a key factor for competitiveness and resilience in increasingly interconnected industrial and digital environments.

    Cybersecurity, a new requirement for connected products

    Connected products are no longer just physical assets. Today, they are complex digital systems that integrate software, sensors and even artificial intelligence to operate and interact in real time. This development has a clear consequence: cybersecurity is no longer optional and becomes a structural requirement.

    In this context, the Cyber Resilience Act establishes a new condition for the European market: products with digital elements will have to meet cybersecurity requirements before being placed on the EU market.

    Change that starts with design

    The CRA introduces a profound transformation in the way connected products are developed. Security is no longer a final add-on but an integrated element from its conception. This involves:

    • Designing secure products from the origin.
    • Continuously manage vulnerabilities.
    • Ensuring software transparency through SBOM.
    • Maintaining responsibility for the product throughout its life cycle.

    More than an obligation – an opportunity

    While the CRA may be perceived as an additional requirement, it also opens up a clear opportunity: cyber resilience becomes a competitive differentiating factor.

    In an environment where a cybersecurity incident can disrupt operations or affect customer confidence, demonstrating that a product is secure provides tangible value and strengthens market positioning.

    Prioritising to take action

    One of the big challenges for organisations is deciding where to start. In complex environments, tools such as the Cyber Risk Mitigation Planner, which TECNALIA has, make it possible to analyse vulnerabilities and prioritise actions for their mitigation, thus facilitating decision-making in the field of cybersecurity.

    Towards a more resilient digital ecosystem

    The CRA is bringing about necessary transformation: connected products of the future will not only have to be efficient and functional, but also safe by design.
    In this new scenario, cybersecurity is no longer a requirement but the basis for competitiveness and industrial and digital resilience.

    Latest news