{"id":80443,"date":"2026-03-23T10:28:31","date_gmt":"2026-03-23T09:28:31","guid":{"rendered":"https:\/\/fhi.nl\/?post_type=news&p=80443"},"modified":"2026-03-23T10:32:09","modified_gmt":"2026-03-23T09:32:09","slug":"hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan","status":"publish","type":"news","link":"https:\/\/fhi.nl\/en\/news\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/","title":{"rendered":"How to make embedded systems and IoT products CRA-compliant: a step-by-step plan"},"content":{"rendered":"
\n\n\t\n\t\t\t
<\/div>\n\t\n\t
\n\t\t
\n\t\t\t
\n\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t

\n\t\t\t\t\tHow to make embedded systems and IoT products CRA-compliant: a step-by-step plan\t\t\t\t<\/h1>\n\n\t\t\t\t
\n\t\t\t\t\t<\/svg>\t\t\t\t<\/div>\n\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\n\t\t\t\t\t\t\t
\n\n\t\t\t\t\t\n\t\t\t\t\t\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\n\t\t\t\t\t\n\t\t\t\t\t\n\t\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t<\/div>\n<\/header>\n\n\t
\n\t
\n\t\t
\n\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
Branch<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\tIndustrial Electronics\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\n\t\t\t\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n\n
\n\t
\n\t\t\t\t\t\t
\n\t\t\t

The hack at Odido in early 2026 makes it clear once again how important cybersecurity is for the business world. In addition to the material damage, which likely runs into the millions, the reputational damage to Odido cannot be expressed in monetary terms. This could happen to your company too, warn Bram Blaauwendraad and Gaurav Raina of the cybersecurity consulting firm Veritas. <\/strong><\/p>\n

FHI spoke with both security experts about what companies can do now to get their cybersecurity in order and to be compliant with the Cyber Resilience Act (CRA) on time.<\/strong><\/p>\n

The CRA is aimed solely at increasing the cybersecurity of digital products and services within the European Union. Bram and Gaurav provide during the D&E event<\/a>, on April 14 in Den Bosch, a keynote about this new law. They will zoom in on the practical application in the business world based on their experience with RED 3.3, the European directive regulating the security of radio equipment.<\/p>\n

As a Senior Security Consultant Service Lead, Gaurav is well-versed in RED 3.3 and uses that knowledge to address the uncertainties surrounding the CRA. \u201cRED 3.3 is, so to speak, the little sister of the CRA,\u201d Gaurav begins. \u201cBut the approach of the CRA is broader. It is not just about the device \u2013 the software and the hardware \u2013 but also about the design of the backend and the interconnectivity. How do you ensure that devices communicate securely with each other, even in critical environments? And how do you test devices, apps, and backends in a secure manner?\u201d<\/p>\n

Take action<\/h2>\n

\u201cThe full CRA obligations for new products apply from December 11, 2027, but the advice is to start preparations now. Not only because it is 'nice' to be compliant, but also to prevent business damage like at Odido,\u2018 the security specialist continues. He gives another example: \u2019In 2021, an unsecured reset flaw in Western Digital's 'My Book Live' led to massive remote wipes <\/em>of devices that were connected to the internet. The lessons learned, such as establishing support periods, securing default configurations, and performing post-market vulnerability management, are all matters that the CRA now mandates (with reporting starting September 11, 2026).\u201d<\/p>\n

The examples underscore the societal relevance of the CRA. \u201cCompanies are willing, but often don't know how to go about it. They are looking for practical tools, and that is exactly what Bram and I want to provide them during our presentation at the D&E event.\u201d<\/p>\n

Horizontal and vertical<\/h2>\n

A major challenge for the industry and Bureau Veritas is the fact that the technical standards have not yet been officially harmonized. Gaurav: \u201cThe CRA works with two types of standards: horizontal and vertical. Horizontal standards are broadly applicable and focus on general principles of cybersecurity. Vertical standards are specific to certain sectors or industries and take into account the unique characteristics and risks involved. The standards are still under development, but the CRA legal text has already been established. That text forms the basis for our policy.\u201d<\/p>\n

Insecurity<\/h2>\n

Companies find the uncertainty surrounding the harmonization of standards difficult, but according to de Gaurav, the biggest challenge lies in the supply chain. \u201cCRA assigns responsibilities to manufacturers but demands end-to-end assurance throughout the entire supply chain. In practice, this means that you cannot comply with the rules if your suppliers are not compliant. As an entrepreneur, you must therefore consider not only your own company but also supplier compliance. Moreover, it is not always clear where the responsibilities lie.\u201d<\/p>\n

Secure by design<\/h2>\n

Gaurav's colleague Bram, working as a Senior Security Consultant, joins the conversation. \u201cCompanies need clear advice: how do we tackle this? We address this by developing practical documentation for our clients. For example: a requirement from the CRA is that every product is fundamentally 'secure by design'. We have written a plan in which we explain step-by-step how to create such a secure design and what a company needs to take into account.\u2018<\/p>\n

\u201cIt is important that engineers can easily work with the guidelines and that they are part of the normal workflow. <\/em>Think of tips and checks that automatically appear in IDEs, pipelines, and templates. Organizations that manage this well become CRA-compliant much faster than organizations that rely solely on policy.\u201d<\/p>\n

Customized solutions<\/h2>\n

Bram continues: \u201cThe CRA impacts the entire development process, so it is essential to start the preparations on time. For companies that deliver complete solutions consisting of multiple components, the risk lies in the connection between those components. If a customer wants to deviate from the standard architecture (engineering to order)<\/em>, \u201dI look at three things: what exactly is changing, what risk does that pose, and who is responsible for it. For the CRA, it is particularly important that the process is clear and traceable.\u201d<\/p>\n

Cooperation<\/h2>\n

\u201cCompliance requires collaboration and involvement from all levels of the organization: from the engineer welding components onto a printed circuit board to the CEO,\u201d Bram concludes. \u201cIt is often necessary to draft new policies or agree on different procedures. That is why it is important that everyone is on the same page and that everyone recognizes that the CRA, if applied correctly, yields significant benefits for the company.\u201d<\/p>\n

Are you curious about the lecture? Then register now<\/a> for the event via our website. We look forward to meeting you in Den Bosch.<\/p>\n\t\t<\/div>\n\t<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"","protected":false},"featured_media":0,"template":"","branches":[13],"events":[361],"secretariat":[],"categories":[],"themes_tax":[515],"content_types":[501],"class_list":["post-80443","news","type-news","status-publish","hentry"],"acf":[],"yoast_head":"\nHoe maak je embedded systemen en IoT-producten CRA-compliant: een stappenplan - FHI, federatie van technologiebranches<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/fhi.nl\/en\/nieuws\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hoe maak je embedded systemen en IoT-producten CRA-compliant: een stappenplan - FHI, federatie van technologiebranches\" \/>\n<meta property=\"og:url\" content=\"https:\/\/fhi.nl\/en\/nieuws\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/\" \/>\n<meta property=\"og:site_name\" content=\"FHI, federatie van technologiebranches\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-23T09:32:09+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/fhi.nl\/nieuws\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/\",\"url\":\"https:\/\/fhi.nl\/nieuws\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/\",\"name\":\"Hoe maak je embedded systemen en IoT-producten CRA-compliant: een stappenplan - FHI, federatie van technologiebranches\",\"isPartOf\":{\"@id\":\"https:\/\/fhi.nl\/#website\"},\"datePublished\":\"2026-03-23T09:28:31+00:00\",\"dateModified\":\"2026-03-23T09:32:09+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/fhi.nl\/nieuws\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/fhi.nl\/nieuws\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/fhi.nl\/nieuws\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/fhi.nl\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Nieuws\",\"item\":\"https:\/\/fhi.nl\/nieuws\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Hoe maak je embedded systemen en IoT-producten CRA-compliant: een stappenplan\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/fhi.nl\/#website\",\"url\":\"https:\/\/fhi.nl\/\",\"name\":\"FHI, federatie van technologiebranches\",\"description\":\"Nederlandse branchevereniging voor technologiebranches\",\"publisher\":{\"@id\":\"https:\/\/fhi.nl\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/fhi.nl\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/fhi.nl\/#organization\",\"name\":\"FHI, federatie van technologiebranches\",\"url\":\"https:\/\/fhi.nl\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/fhi.nl\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/fhi.nl\/app\/uploads\/2024\/06\/3-e1722349014385.png\",\"contentUrl\":\"https:\/\/fhi.nl\/app\/uploads\/2024\/06\/3-e1722349014385.png\",\"width\":732,\"height\":136,\"caption\":\"FHI, federatie van technologiebranches\"},\"image\":{\"@id\":\"https:\/\/fhi.nl\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/fhi-federation-of-technology-branches\",\"https:\/\/www.instagram.com\/fhi_nl\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to make embedded systems and IoT products CRA-compliant: a step-by-step plan - FHI, Federation of Technology Branches","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/fhi.nl\/en\/nieuws\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/","og_locale":"en_GB","og_type":"article","og_title":"Hoe maak je embedded systemen en IoT-producten CRA-compliant: een stappenplan - FHI, federatie van technologiebranches","og_url":"https:\/\/fhi.nl\/en\/nieuws\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/","og_site_name":"FHI, federatie van technologiebranches","article_modified_time":"2026-03-23T09:32:09+00:00","twitter_card":"summary_large_image","twitter_misc":{"Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/fhi.nl\/nieuws\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/","url":"https:\/\/fhi.nl\/nieuws\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/","name":"How to make embedded systems and IoT products CRA-compliant: a step-by-step plan - FHI, Federation of Technology Branches","isPartOf":{"@id":"https:\/\/fhi.nl\/#website"},"datePublished":"2026-03-23T09:28:31+00:00","dateModified":"2026-03-23T09:32:09+00:00","breadcrumb":{"@id":"https:\/\/fhi.nl\/nieuws\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/fhi.nl\/nieuws\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/fhi.nl\/nieuws\/hoe-maak-je-embedded-systemen-en-iot-producten-cra-compliant-een-stappenplan\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/fhi.nl\/"},{"@type":"ListItem","position":2,"name":"Nieuws","item":"https:\/\/fhi.nl\/nieuws\/"},{"@type":"ListItem","position":3,"name":"Hoe maak je embedded systemen en IoT-producten CRA-compliant: een stappenplan"}]},{"@type":"WebSite","@id":"https:\/\/fhi.nl\/#website","url":"https:\/\/fhi.nl\/","name":"FHI, federation of technology industries","description":"Dutch trade association for technology industries","publisher":{"@id":"https:\/\/fhi.nl\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/fhi.nl\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/fhi.nl\/#organization","name":"FHI, federation of technology industries","url":"https:\/\/fhi.nl\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/fhi.nl\/#\/schema\/logo\/image\/","url":"https:\/\/fhi.nl\/app\/uploads\/2024\/06\/3-e1722349014385.png","contentUrl":"https:\/\/fhi.nl\/app\/uploads\/2024\/06\/3-e1722349014385.png","width":732,"height":136,"caption":"FHI, federatie van technologiebranches"},"image":{"@id":"https:\/\/fhi.nl\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/fhi-federation-of-technology-branches","https:\/\/www.instagram.com\/fhi_nl\/"]}]}},"_links":{"self":[{"href":"https:\/\/fhi.nl\/en\/wp-json\/wp\/v2\/news\/80443","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fhi.nl\/en\/wp-json\/wp\/v2\/news"}],"about":[{"href":"https:\/\/fhi.nl\/en\/wp-json\/wp\/v2\/types\/news"}],"version-history":[{"count":3,"href":"https:\/\/fhi.nl\/en\/wp-json\/wp\/v2\/news\/80443\/revisions"}],"predecessor-version":[{"id":80447,"href":"https:\/\/fhi.nl\/en\/wp-json\/wp\/v2\/news\/80443\/revisions\/80447"}],"wp:attachment":[{"href":"https:\/\/fhi.nl\/en\/wp-json\/wp\/v2\/media?parent=80443"}],"wp:term":[{"taxonomy":"branches","embeddable":true,"href":"https:\/\/fhi.nl\/en\/wp-json\/wp\/v2\/branches?post=80443"},{"taxonomy":"events","embeddable":true,"href":"https:\/\/fhi.nl\/en\/wp-json\/wp\/v2\/events?post=80443"},{"taxonomy":"secretariat","embeddable":true,"href":"https:\/\/fhi.nl\/en\/wp-json\/wp\/v2\/secretariat?post=80443"},{"taxonomy":"categories","embeddable":true,"href":"https:\/\/fhi.nl\/en\/wp-json\/wp\/v2\/categories?post=80443"},{"taxonomy":"themes","embeddable":true,"href":"https:\/\/fhi.nl\/en\/wp-json\/wp\/v2\/themes_tax?post=80443"},{"taxonomy":"content_types","embeddable":true,"href":"https:\/\/fhi.nl\/en\/wp-json\/wp\/v2\/content_types?post=80443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}