Comply with the Cyber Resilience Act
Get your CE marking with i46 compliance support for the Cyber Resilience Act .
IoT devices put on the market after November 2024 have to comply with the CRA!
i46 - Selected by:
Why is compliance hard to achieve?
The CRA introduces never-seen-before requirements
Gone are the days of lax security – secure-by-design is now the law of the (development) land . Patching up vulnerabilities after the fact won't cut it anymore – proactive threat mitigation, vulnerability assessments, and secure updates become the norm. But with limited resources and entrenched development models, adapting to this paradigm shift will be no mean feat.
CRA compliance must be continuously monitored
The European legislations grasp extend beyond initial compliance, demanding continuous monitoring throughout the device's lifespan. Newly discovered software vulnerabilities can render your once-compliant device or software into a potential threat. But ensuring this perpetual state of cybersecurity is daunting. Resources stretch thin, and hidden flaws can hide in the shadows.
Reaching compliance could be expensive
Internal resources, already stretched thin, may buckle under the burden of revamped processes, specialized expertise, and ongoing monitoring infrastructure. The CRA is a feat made for security giants, not smaller innovator. Collaboration, innovative solutions, and regulatory support from i46 will be crucial to ensure CRA compliance does not become a luxury.
This is about to change
Why i46?
The Cyber Resilience Act (CRA) in the European Union has raised the bar for IoT device security. i46 is here to help manufacturers and distributors navigate this new regulatory landscape.
For them, we offer comprehensive services, including initial and full assessments to identify security gaps, certification guidance to ensure compliance, and ongoing monitoring to maintain device security.
For companies with no office in the EU, we also provide EU representation services.
Our state-of-the-art laboratory, equipped with a private 5G network, allows us to test even the most unconventional IoT devices, including those without operating systems, ensuring compliance for a wide range of devices.
By partnering with i46, IoT manufacturers can not only meet the requirements of the CRA but also enhance the security of their IoT devices, benefiting both their business and their customers.
Now with device-level quantum encryption !
i46, in partnership with the Fraunhofer Institute, one of the world's leading applied research organisation, has developed the first-of-its-kind quantum-ready and CRA-compliant authentication system for IoT devices.
Why quantum-ready? While the CRA doesn't yet require quantum-resistant solutions, we believe true security means future-proofing your devices. Our device-level solutions empower manufacturers to protect their products against both current and future threats, ensuring long-term CRA compliance.
How will i46 help you achieve compliance ?
Initial assessment
🕒1 day
Every journey begins with a single step.
With us, your path to CRA compliance starts with a swift and thorough Initial Assessment. This first phase, lasting just one working day, is entirely free of charge and designed to quickly determine if your product aligns with our certification capabilities.
Full Assessment
🕒2 to 4 weeks
In Phase 2, we uncover the exact changes your product needs to undergo in order to become CRA compliant. Our experts conduct a comprehensive assessment, leaving no stone unturned to ensure your product aligns with the stringent requirements of these European regulations.
Certification
🕒4 to 8 weeks
Reaching compliance is now within sight.
Phase 3, Certification, seals the deal, ensuring your IoT devices are not only secure but recognized as such.
During this phase we ensure that the issues identified in Phase 2 have been addressed, draft the EU Declaration of Conformity, which enables you to affix the CE marking to your product, and establish the EU Authorized Representative contract, fulfilling the requirement for non-EU companies to have a Representative in the EU.
Continuous monitoring
🕒device lifetime
In Phase 4, i46 focuses on continuous monitoring, ensuring your devices remain compliant with the Cyber Resilience Act throughout the lifetime of your devices. During this phase, we will conduct annual reviews of your product, and may exercise our mandate as EU Authorized Representatives if the occasion to do so arises.
↙
Includes EU Authorised Representative and CE Marking !
Initial Assessment
🕒1 day
Free
The Initial Assessment
Every journey begins with a single step. And with us, that first step towards compliance is remarkably swift, thorough, and completely free. The Initial Assessment a one-day dive into your product's security posture, designed to clarify your path forward.
Our dedicated experts will scrutinize your documentation, architecture, and development processes. Within a day, you will receive a clear roadmap for achieving a robust, CRA-compliant future.
Requirements
• General product description
• Pictures of the device
• Architecture and operating system,
• Remote Access to one device.
Outcomes
• Certification Approval : In most cases, we will confirm your product's eligibility for i46 certification within one working day.
• Physical Product Request : For certain scenarios, we may ask you to deliver a physical unit to our lab for more in-depth analysis
Full Assessment
🕒2 to 4 weeks
up to 7,500 euros
The Full Assessment
The Full Assessment is a meticulous and comprehensive evaluation of your product or software, designed to provide you with a clear roadmap for achieving compliance.
Our experts will delve into every aspect of your product: architecture, security posture, development processes, data handling, and potential vulnerabilities. No detail is overlooked as we analyze your product against the stringent CRA standards.
The result is a personalized action plan, outlining the precise adjustments needed to ensure your product meets all compliance criteria.
Requirements
• Design documents (if available),
• Installation script for your software,
• Any other relevant document.
Outcome
• A detailed list of changes required for certification, pinpointing areas for improvement and ensuring compliance with the CRA's robust security standards.
Certification
🕒4 to 8 weeks
up to 10,000 euros
The Certification
Building on the roadmap built in the previous phase, this phase takes your product on a transformative journey towards CRA compliance.
We focus on two key objectives: ensuring that all identified vulnerabilities identified earlier have been fixed and generating comprehensive compliance documentation.
This phase is more than just technical wizardry; it is the guarantee of CRA compliance At the end of this phase, we hand you the keys to compliance, empowering you to navigate the CRA landscape with confidence and ease.
Requirements
• All issues uncovered during the assessment have been meticulously addressed,
• The i46 cybersecurity compliance script is seamlessly integrated.
• The EU Authorized Representative mandate is given to i46.
Outcomes
• Certification documents that attest to your device's compliance: EU Certificate of Conformity, Technical Documentation and CE marking,
• A new installer for your product
• Your very own i46.io compliance server, ready to continuously monitor your devicess compliance status.
Authorized Representative Services
Non-EU companies looking to sell their connected devices and software in the European market face a hurdle: the Cyber Resilience Act demands a designated EU Authorised Representative.
This trusted legal entity acts as your bridge to the EU, ensuring your products comply with the Act's reporting requirements and assessment requirements.
But what exactly does it mean to have an Authorised Representative ? Think of it as a business and technical partner. From handling technical documentation and conformity assessments to dealing with authorities and responding to incidents, your representative becomes your voice in the EU.
This is where i46 revolutionizes the game. Unlike other providers who charge hefty fees for this essential service, i46 includes EU Authorized Representation as part of its basic package. This means unparalleled accessibility and affordability – a game-changer for smaller companies and startups who might otherwise be priced out of the European market.
With i46 as your EU Authorized Representative, you gain an experienced partner, not just a compliance checkbox
Continuous monitoring
🕒device lifetime
10,000 euros per year + 1 euro per device
Continuous monitoring
Achieving CRA compliance is a crucial first step, but ensuring your product remains compliant is a marathon, not a sprint.
In this phase, Continuous Monitoring, is where i46.io becomes your unwavering guardian, safeguarding your CE certification and, hence, CRA compliance throughout your product's lifecycle.
Here's how we safeguard your CE certification:
• i46.io Server as Your Compliance Guardian: All CRA-compliant devices leverage the i46.io server for continuous monitoring, ensuring timely detection and response to potential threats,
• No Unauthorized Access, No Exceptions: We uphold the integrity of your devices by strictly prohibiting unauthorized access, safeguarding CRA compliance,
•Yearly Checkups, for Long-Term Health: We conduct annual certification reviews to verify that your devices maintain compliance with evolving cybersecurity standards,
•Swift Action in Critical Moments: In the rare event of a security issue that cannot be resolved by i46.io, we'll initiate an immediate response, including mandatory vulnerability report to EU authorities.
Outcomes
• Automatic Notifications, Keeping Everyone Informed : In case of a security issue, we automatically notify both end users and relevant authorities, aligning with legal requirements and fostering transparency,
• User Empowerment, One Opt at a Time: End users have the autonomy to opt in or out of certain security features; this is a requirement of the CRA.
• B2B Visibility, When Needed: For business-to-business devices, we offer optional access to i46.io, enabling greater visibility and control over device security.
↙
Continuous compliance, guaranteed.
╰┈➤
English 
Chinese