The EU’s Cyber Resilience Act (CRA) introduces far-reaching requirements for manufacturers of digital products – presenting companies with new challenges in IT security and quality assurance. While many are still debating, TÜV TRUST IT and G DATA CyberDefense AG are already taking decisive action and actively shaping the transformation.
Since June 2025, both companies have been working in partnership to implement the CRA in a practical way. At the same time, a quality management system according to ISO 9001:2015 is being introduced to not only meet regulatory requirements but to implement them efficiently and with a future-oriented approach.
What’s happening in detail?
✔️ Strategy & Communication:
The project team has refined the strategic direction and is preparing targeted external communication about the CRA – clear, understandable, and relevant for affected companies.
✔️ Structured Project Workflow:
Weekly status meetings with clearly defined responsibilities ensure continuous progress. All results and decisions are transparently documented in the project wiki.
✔️ Documentation According to ISO 9001:
Process descriptions and a comprehensive QM manual are being developed step by step – with a focus on requirements, feasibility, and practical application.
✔️ Active Standards Work:
TÜV TRUST IT and G DATA are not only monitoring developments around the CRA but are also actively participating in workshops and analyses related to European standardization.
Conclusion: Pioneers in the Market – Together
The project impressively demonstrates what is possible when regulation, quality, and IT security are considered together. As TÜV TRUST IT, we are shaping this transformation together with G DATA – as pioneers in the market and with the ambition to sustainably strengthen digital security.