IoTSF plenary event: You’re not ready for the CRA
The EU Cyber Resilience Act (CRA) is set to fundamentally change how connected products are designed, developed, secured, and maintained – yet many organisations are still underestimating the scale of the business and technical challenges.
The EU CRA came into force in December 2024, with mandatory compliance for cybersecurity for Vulnerability Reporting by September 2026 and all digital products required by December 2027. In Europe this is backed by the EU €22 million SECURE programme for EU SMEs. This event explores how global and UK manufacturers must adapt their compliance policies and processes to maintain their CE marks and retain uninterrupted trade access in the EU Single Market.
| Time | Details |
|---|---|
| 09:30 | Registration |
| 10:00 | Keynotes: HMG CyberSec Representative / TUV Representative : CRA competitive impact for the UK |
| 10:30 | Session 1 : The Business impacts of CRA (What, Why, How & When?) |
| Richard Marshall, CENELEC JTC13/WG9 & BSI IST/33/-/9 Chair – The CRA Roadmap; What to expect | |
| Simon Dunkley, Itron and BSI IST/33/-/8 Chair (EN 18031) – The challenge ahead for OEMs based upon the RED Article 3.3 | |
| 11:20-11:40 | Coffee Break |
| Haydn Povey, SCI Semi – Building in Cyber Resilience | |
| TBC – Certification and global compliance | |
| 12:30 | Lunch & Networking |
| 13:30 | Session 2 : IoTSF Plenary and CRA Action Plan (Where is IoTSF now & how can we address the opportunity) |
| TBC – How can IoTSF support the OEM sector? (What have we done before?) | |
| Panel Discussion with audience Q&A : TuV, Element, ITRON | |
| 14:15 | Coffee break |
| 14:35 | Session 3: IoTSF forward activity plan |
| Assurance Framework Group | |
| Best Practice Group | |
| Regulatory Watch Group | |
| 15:50 | AOB and Wrap-up |
| 16:00 | Event close |