P01 · Compliance · Complimentary

CRA-Ready Assessment

Find out : at no cost : exactly what stands between your IoT product and Cyber Resilience Act certification. Typically within five working days.

A clear, honest picture of where your product stands.

No sales deck, no upsell theatre. The output is the output : a diagnostic document your engineering leadership can act on, written by people who do the certification work for a living.

Gap report

A structured document mapping your product to each TR-3183 / CRA requirement : met, partially met, or not met : with evidence requirements noted.

Priority roadmap

A ranked list of modifications needed to reach certification : what to fix first, what's cheap, what requires hardware revisions versus firmware.

Effort estimate

Indicative engineering effort and lead time to reach certification : so you can plan resourcing, procurement, and go-to-market dates realistically.

Step 01

Intake call

30 minutes. We learn your product class, target markets, and certification deadline. Scope is agreed.

Day 0
Step 02

Document review

Send us your technical documentation, architecture, firmware notes and interface map. We review against TR-3183.

Day 1–2
Step 03

Gap analysis

Our engineers map each clause to your implementation and draft the gap report with priority ranking.

Day 3–4
Step 04

Walkthrough

A 45-minute call to walk through findings and answer questions. Report is delivered in writing.

Day 5

Every requirement the regulation actually enforces.

Data confidentiality & integrity at restAnnex I (e)(f) : encryption, key storage, integrity of stored data.
Secure boot & firmware integrityVerified code paths, signed updates, rollback protection and recovery.
Authenticated communicationsNetwork identity, TLS posture, peer authentication, replay protection.
Vulnerability managementDisclosure policy, patch cadence, coordinated vulnerability handling.
Software Bill of Materials (SBOM)Generation, accuracy, and delivery format to downstream users.
Attack surface & default hardeningDefault credentials, exposed interfaces, minimal attack surface.
Logging & incident telemetryEvidence that anomalous activity is observable and reportable.
Future-proofing for post-quantumOptional : cipher-agility and migration path (ties into P04).

Questions we hear most.

Is it really free : where's the catch? +
There isn't one. We offer the assessment at no cost because our commercial work (P02 Certification Documentation, P04 Quantum-Resistant Solutions) depends on companies understanding the regulatory picture first. When you know the gap, you know which products : if any : you need from us.
Do I need to ship you hardware? +
No. The assessment is documentation-based. If we reach the point of recommending full certification (P02), then yes : a sample ships to our Prague lab. We'll say so clearly before that happens.
What if our product isn't Linux-based? +
We work across RTOS, bare-metal, Android, and custom stacks. Linux is common but not required. The assessment scope is the regulation, not a particular OS family.
Do we need to sign an NDA? +
Yes, mutually. We sign before any technical documentation changes hands. Standard bilateral NDA, or we can use yours.
What happens if we fail the assessment? +
There's no pass / fail : it's a diagnostic. You receive a gap report. Whether you remediate in-house, hire us for P02, or go to another provider is entirely up to you.

Ship a CRA-compliant product without guessing.

One week. No cost. Every assumption made explicit.