The European Union’s Cyber Resilience Act (CRA) is a regulation that applies to products with digital elements, including software and hardware. In this video, David A. Wheeler, Director of Open Source Supply Chain Security at OpenSSF, explains the CRA and its implications for software developers and organizations.
The CRA mandates risk identification, vulnerability management, and documentation, making it a significant shift from the status quo. Penalties for non-compliance can reach up to 15 million euros or 15% of annual revenue. OpenSSF has released a free, self-paced course to help software developers and managers understand and comply with the CRA.
Watch to learn more about the CRA and how to prepare for its enforcement in 2026 and 2027. Understand the importance of early preparation and how to ensure compliance with the CRA.
