Skip to main content

Cyber Resilience Act (CRA)

Regulation of Products with Digital Elements

The European Union Cyber Resilience Act (CRA) aims to safeguard personal and business consumers from cybersecurity threats, focusing on software and hardware products with digital elements. The CRA went into effect on Dec. 10, 2024 and requires security measures throughout a product's entire lifecycle. It emphasizes secure development processes, the ability to address vulnerabilities through updates, and mechanisms to remove personal information when necessary. The main requirements of the CRA go into effect on Dec. 11, 2027.

We support CRA compliance in two key ways. Many of our devices are directly subject to CRA regulations, and many others are integrated into hardware products that fall under these regulations. Our longstanding dedication to security means that numerous products have already been designed, developed, and manufactured in alignment with CRA objectives. As the CRA standards are finalized, we will ensure our products achieve full compliance within the designated enforcement timeline.

Renesas is committed to helping you find the resources you need as you work toward CRA compliance. From documentation and design resources to our network of security solution providers, we offer tools to help you understand what the CRA means for your products. Refer to this page for updates on how we are working to support CRA requirements. 

CRA Requirements

CRA requirements seek to enhance security for digital products in several ways, each with a specific purpose.

 CRA RequirementPurpose
Image
Secure Software Update icon
Secure Firmware UpdatesAddress security vulnerabilities and maintain up-to-date protection against the latest threats.
Image
Hardware Trust Anchor (HSM) icon
Unauthorized Access ProtectionProtect the operation and behavior of products and their associated data.
Image
Secure Gateway (Firewall) icon
Secure Data StorageProtect the confidentiality and integrity of stored data.
Image
Secure External Communication icon
Secure CommunicationProtect the confidentiality and integrity of transmitted data.
Image
Secure Processing for Trust Chain (Secure boot) icon
Secure BootProtect product operation and behavior.

It is important to reference official sources to determine CRA requirements as they pertain to your specific products and applications.

CRA Important Dates

DateDescription
December 10, 2024CRA takes effect. The Act has legal existence in the European Union legal order as of this date. It serves as the starting point for the enforcement timelines that are specified in the Act.
September 11, 2026All manufacturers of products with digital elements are required to report vulnerabilities and security incidents contained in their products.
December 11, 2027CRA is fully enforceable, and all its requirements must be complied with by manufacturers of products with digital elements.

Documentation

Downloads

Type Title Date
Software & Tools - Software Log in to Download ZIP 4.59 MB
Software & Tools - Software Log in to Download ZIP 8.01 MB
Software & Tools - Software Log in to Download ZIP 8.01 MB
Software & Tools - Software Log in to Download ZIP 8.99 MB
Software & Tools - Software Log in to Download ZIP 4.30 MB
Software & Tools - Software Log in to Download ZIP 4.29 MB
Software & Tools - Software Log in to Download ZIP 3.07 MB
7 items

Partner Solutions

Starting out in cybersecurity and trying to build a CRA-compliant product can feel overwhelming. The Renesas Ready Partner Network is an extensive and curated network of top security solution providers who know how to make the most of our device security features to meet CRA requirements.

Videos & Training

RX Family Secure Firmware Update

Sixth in the RX security video series – Renesas walks through the process of encrypting the application program and performing a Secure Firmware Update using the Renesas Secure Flash Programmer so that the plain text of the application program to be updated is not exposed when updating the application program.

Chapter's Title

0:00:00 Opening
0:00:23 Recommended Viewing
0:00:53 Secure Factory Programming
0:02:16 Secure Firmware Update
0:07:50 For more information