The Cyber Resilience Act (CRA) raises the bar for product security. Under Article 13(2), manufacturers must assess cybersecurity risks and account for them across all stages of planning, design, development, production, delivery, and maintenance. That assessment must also be documented and updated as appropriate during the product’s life and support.
This shift means teams need clear visibility into the components they ship – including third‑party, open‑source, and increasingly, AI elements. As AI models and services become part of the technology stack, they must be included in the product’s risk evaluation and handled with the same diligence required for software components.
Join us for a fast‑paced session where we break down what these requirements mean in practice, and how organizations can prepare without slowing development.
What you’ll learn:
Part I: Strategic Analysis - The CRA Mandate (Carsten Huth)
-
The key CRA obligations that impact software and AI‑driven products
-
How lifecycle‑long risk evaluation affects engineering and security workflows
-
Why component‑level transparency is becoming essential for compliance
Part II: Operational Execution: Managing the AI & Software Supply Chain (David Dewaele)
- See how Checkmarx’s latest advancements in SBOM, continuous open‑source risk monitoring, and AI supply chain security (AI‑BOM) help organizations meet CRA requirements for risk management, documentation, and secure component integration.
- Learn how to reduce regulatory risk, strengthen product security posture, and achieve compliance—without disrupting delivery or innovation.
Please register now.
