This category is the central space dedicated to helping you navigate the EU Cyber Resilience Act (CRA) and other IoT security and compliance topics.
The CRA is a new regulation designed to improve the cybersecurity of connected devices (IoT and edge) sold and operated within the European Union. The CRA sets clear requirements around secure device design, mandatory Software Bills of Materials (SBOMs), timely vulnerability management and lifecycle security compliance. Its goal is to ensure all IoT products in the EU market are secure by design and remain resilient against cyber threats throughout their operational lives.
We created this space because:
- The CRA introduces significant changes and requirements for IoT products—especially around secure design, SBOMs, vulnerability management and lifecycle compliance.
- Many of you have asked us how balena’s tools and platform can help meet these new standards.
Here you will find:
- Clear explanations of the CRA’s key points and legal requirements.
- Guides and tips on enabling secure boot and full disk encryption, managing secure OTA updates and creating compliant IoT device workflows using balena.
- This pretends to be a community-driven space. Feel free to ask questions, share experiences and learn from other peers facing similar challenges.
- Finally we will also publish regular updates on how balena supports compliance and support the latest regulatory developments.
Contribution Guidelines:
We encourage open, respectful and constructive dialogue. Be respectful with different opinions, provide clear and helpful information and maintain a professional tone. Posts that do not follow these guidelines may be moderated to maintain community standards.
How you can participate:
- Start a new thread if you have questions or topics to discuss.
- Share your CRA compliance journey and help others by answering questions.
We are here to learn together. No question is too basic and every experience adds value. Let’s collaborate on building secure, compliant IoT fleets together.