EU Cyber Resilience Act raises many questions: Leading IoT security conference CYBICS provides information in November

  • How are the mandatory requirements for manufacturers to be implemented?
  • The 8th CYBICS provides first-hand answers: A policy officer from the EU Commission in Brussels will explain the current status.
  • When and where: Frankfurt am Main, 28. November 2023 at the House of Logistics and Mobility (HOLM).

Duesseldorf / Frankfurt am Main, September 28th, 2023 – As the Cyber Resilience Act (CRA-E) comes into force, more questions are arising for manufacturers and distributors of smart devices. In the future, companies will be responsible for managing security risks – and the EU law provides drastic penalties, which can already imposed if deadlines are missed. The CYBICS conference (German language) will take place for the eighth time on November 28, 2023 – and for the second time this year it will be dedicated exclusively to the topic of cyber resilience and CRA-E. Under the title “Compliance, Security and Best Practices: the Cyber Resilience Act”, the conference will take plaece in Frankfurt am Main under the auspices of isits AG International School of IT Security together with partners such as the IoT/OT cybersecurity expert ONEKEY, representatives of the European Commission, experts from the certification body Bureau Veritas and from CERT@VDE. The CYBICS keynote will be given by a policy officer from the European Commission, who will provide an update on the CRA-E as a representative of the Brussels authorities. All representatives from business and industry are invited, as in the future all companies will also have to comply with the rules and requirements of the CRA-E when manufacturing and marketing electronic products.

High requirements, fast implementation

For the first time, the Cyber Resilience Act shifts responsibility for the secure operation of devices with digital elements – from mass-market items such as smart watches to routers, access control systems, printers and industrial control systems – from users to manufacturers. “Network operators will continue to be responsible for their security. But device manufacturers and vendors will have to meet much stricter requirements at the design and marketing stages. This applies not only to IT security itself, but also to processes and reporting requirements. At the moment, there is a lot of uncertainty in the business community because, in addition to EU legislation, coordination with local authorities is still outstanding. However, this should not lead to any delays, as the CRA-E will become effective in all EU countries immediately after its final adoption,” says Jan Wendenburg, CEO of CYBICS’s co-organiser ONEKEY. ONEKEY is Europe’s leading provider of automated product cybersecurity and compliance solutions, and operates a highly automated analysis and management platform (PCCP) that helps manufacturers of smart devices and equipment meet the upcoming requirements of the EU Commission’s Cyber Resilience Act, and is already capable of analysing the individual software components of a device in detail and assessing them for risk.

High level of interest in the industry

This huge paradigm shift in regulatory requirements is accompanied by growing uncertainty. CRA-E is a potential source of conflict in many areas, not least in relation to open source software used in devices and their firmware. “Few issues have generated as much resonance and discussion among manufacturers over the past decade as the new EU legislation surrounding the Cyber Resilience Act. As the organisers, we are responding to this need with a second CYBICS conference later this year to provide manufacturers with concrete guidelines and support that are already geared towards practical use in companies,” says Birgitte Baardseth of isits AG International School of IT Security, which is organising the event together with renowned partners such as CERT@VDE, experts from the EU Commission and the cyber resilience experts from ONEKEY.


ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.



Sara Fortmann

Marketing Manager


euromarcom public relations GmbH

+49 611 973 150