Understanding the EU Cyber Resilience Act (CRA) and Renesas’ Commitment to Compliance

Regulation of Products with Digital Elements

The European Union Cyber Resilience Act (CRA) aims to safeguard personal and business consumers from cybersecurity threats, focusing on software and hardware products with digital elements. The CRA went into effect on Dec. 10, 2024 and requires security measures throughout a product's entire lifecycle. It emphasizes secure development processes, the ability to address vulnerabilities through updates, and mechanisms to remove personal information when necessary. The main requirements of the CRA go into effect on Dec. 11, 2027.

We support CRA compliance in two key ways. Many of our devices are directly subject to CRA regulations, and many others are integrated into hardware products that fall under these regulations. Our longstanding dedication to security means that numerous products have already been designed, developed, and manufactured in alignment with CRA objectives. As the CRA standards are finalized, we will ensure our products achieve full compliance within the designated enforcement timeline.

Renesas is committed to helping you find the resources you need as you work toward CRA compliance. From documentation and design resources to our network of security solution providers, we offer tools to help you understand what the CRA means for your products. Refer to this page for updates on how we are working to support CRA requirements.

CRA Requirements

CRA requirements seek to enhance security for digital products in several ways, each with a specific purpose.

	CRA Requirement	Purpose
Image	Secure Firmware Updates	Address security vulnerabilities and maintain up-to-date protection against the latest threats.
Image	Unauthorized Access Protection	Protect the operation and behavior of products and their associated data.
Image	Secure Data Storage	Protect the confidentiality and integrity of stored data.
Image	Secure Communication	Protect the confidentiality and integrity of transmitted data.
Image	Secure Boot	Protect product operation and behavior.

It is important to reference official sources to determine CRA requirements as they pertain to your specific products and applications.

European Commission Cyber Resilience Act
Official Journal of the European Union – the official text of the Cyber Resilience Act

CRA Important Dates

Date	Description
December 10, 2024	CRA takes effect. The Act has legal existence in the European Union legal order as of this date. It serves as the starting point for the enforcement timelines that are specified in the Act.
September 11, 2026	All manufacturers of products with digital elements are required to report vulnerabilities and security incidents contained in their products.
December 11, 2027	CRA is fully enforceable, and all its requirements must be complied with by manufacturers of products with digital elements.

Documentation

Downloads


Type	Title	Date
Software & Tools - Software	RZ MPU Security Package for RZ/V2N v1.0.0 Log in to Download ZIP 4.59 MB	Mar 28, 2025
Software & Tools - Software	RZ MPU Security Package for RZ/N2H v1.0.1 Log in to Download ZIP 8.01 MB	Dec 27, 2024
Software & Tools - Software	RZ MPU Security Package for RZ/T2H v1.0.1 Log in to Download ZIP 8.01 MB	Dec 27, 2024
Software & Tools - Software	RZ MPU Security Package for RZ/G v1.4.3-update2 Log in to Download ZIP 8.99 MB	Oct 31, 2024
Software & Tools - Software	RZ MPU Security Package for RZ/V v1.4.3-update1 Log in to Download ZIP 4.30 MB	Oct 31, 2024
Software & Tools - Software	RZ MPU Security Package for RZ/V2H v1.0.1-update1 Log in to Download ZIP 4.29 MB	Sep 30, 2024
Software & Tools - Software	RZ MPU Security Package for RZ/Five v1.0.2 Log in to Download ZIP 3.07 MB	Apr 26, 2024
7 items

Partner Solutions

Starting out in cybersecurity and trying to build a CRA-compliant product can feel overwhelming. The Renesas Ready Partner Network is an extensive and curated network of top security solution providers who know how to make the most of our device security features to meet CRA requirements.

RA Partners

32-bit MCUs with Arm Cortex-M Core

RL78 Partners

Low-Power 8-Bit & 16-Bit MCUs

RX Partners

32-Bit Performance/Efficiency MCUs

RZ Partners

32 & 64-Bit MPUs

Videos & Training

RX Family Secure Firmware Update

Sixth in the RX security video series – Renesas walks through the process of encrypting the application program and performing a Secure Firmware Update using the Renesas Secure Flash Programmer so that the plain text of the application program to be updated is not exposed when updating the application program.

Chapter's Title

0:00:00 Opening
0:00:23 Recommended Viewing
0:00:53 Secure Factory Programming
0:02:16 Secure Firmware Update
0:07:50 For more information

Video List

RX Family Secure Firmware Update

Events & Webinars

Webinar

Realizing Autonomous Secure IoT Devices with RX MCU Security Solution Watch Now

Webinar

Security for the Connected World with Renesas MCUs Watch Now

Webinar

Securing your IP and protecting sensitive data with Renesas MCUs Watch Now

News & Blog Posts

Renesas Teams Up with Applus+ Laboratories to Achieve PSA Certified Level 1 with CRA Extension for Three New MCU Groups	News	Feb 27, 2025
Essential Security Measures to Safeguard Against Threats in IoT Devices	Blog Post	May 19, 2023
Renesas Round-Up: A Q&A with Roger Wendelken on Trends Shaping Industrial MCUs	Blog Post	Mar 29, 2023