Rutronik together with its partners 1ACUE, TÜV Süd and Infineon, is offering its customers practical support during implementation of the Cyber Resilience Act (CRA): EU legislation that mandates cybersecurity requirements for all connected products with a digital element sold onto the EU market.
However, electronics manufacturers, importers, and distributors are faced with significant challenges pertaining to complex requirements, short deadlines, and liability risks. Rutronik and its partners are helping address these challenges.
From 2027, products with a digital element may only be sold if they meet all the requirements of the CRA. These include risk classification, complete documentation of certificates and mannuals, and data sheets. It also includes a software bill of materials and security updates throughout the whole product lifecycle.
There are also strict reporting requirements for vulnerabilities. Companies who don’t comply are subject to penalties: up to €15 million or 2.5% of global group turnover, depending on which is greater. Depending on the risk class, the CE mark may no longer be issued by the manufacturer.
Importers will have the same responsibility as manufacturers in the future.
Rutronik is committed to transparency and education at an early stage. In June 2025, it organised an international CRA webinar day in collaboration with TÜV Süd, 1ACUE, and Infineon.
A presentation delivered by Stefan Würth, Head of Industrial and Automotive Cyber Security, TÜV SÜD Product Service, highlighted the central importance of the CRA for industry – particularly with regards to the upcoming certification requirements and the significant penalties for non-compliance. This was a clear wake-up call for affected companies to stop postponing the implementation of the compliance requirements.
Dr. Sergejs Rogovs, Chief Engineer Cyber Security, 1ACUE, provided valuable guidance in the complex web of new EU regulations such as CRA, NIS-2, and ETSI/RED. The focus was on providing practical answers to key questions, such as: which guidelines apply to whom? How can a legally compliant risk analysis be conducted? Which products are affected? How can compliance be ensured efficiently?
Participants also gained knowledge from Dr Detlef Houdeau, Senior Director of Business Development, Infineon Technologies, who spoke about Infineon’s involvement with an expert group set up by the EU Commission to define risk classes for electronic components. He provided insights into the ongoing standardisation risk, offering electronics manufactures an outlook on what to expect by the end of 2025.
As an interface between over 250 manufacturers and more than 40,000 customers worldwide, Rutronik supports its partners with more than just component supply. Rutronik also helps its partners evaluate and prepare for regulatory challenges. These include:
- Support with preliminary risk assessment of components
- Advice on new documentation, reporting, and update requirements
- Access to reliable supplier information
- Internally trained teams for CRA-relevant processes
“We see ourselves as bridge builders between technology suppliers, legislators, and OEMs,” said Bernd Hantsche, Vice President Technology Competence Center, Rutronik. “The CRA presents many of our customers with major challenges, but it also presents them with the opportunity to make their processes future-proof and resilient. We actively support them in this.”
Rutronik ultimately believes the CRA is an opportunity for manufacturers to distinguish themselves by prioritising quality and safety.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by visiting our LinkedIn page.
