With the European Cyber Resilience Act (CRA), the European Union is introducing a binding framework for the security of digital products. For manufacturers and operators of networked communication and security solutions, this is an important signal: Cyber Security is no longer just an IT concern. It is now a fundamental prerequisite for physical security, operational continuity, and the reliable functioning of critical infrastructure.
The CRA entered into force on 10 December 2024. Reporting obligations for actively exploited vulnerabilities and severe security incidents will apply from 11 September 2026, while the regulation’s essential requirements will become applicable from 11 December 2027.
These essential requirements mean that digital products must be developed securely, equipped with appropriate protective mechanisms, and actively protected against vulnerabilities throughout their support period. Manufacturers will also be required to assess risks, provide transparent security information, and demonstrate compliance through documentation, conformity assessment, and CE marking. In addition, clearly defined timelines for vulnerability management will apply. The message is clear: in Europe, Cyber Security is becoming a mandatory quality and trust factor for digital products.
When Cyber Security Becomes Essential to Physical Security
In connected communication and security solutions, cyber and physical security can no longer be separated. In security-critical environments such as energy and water utilities, data centres, public administration, healthcare, education, and manufacturing, cyber incidents can have immediate consequences for real-world operations, buildings, and people. Insufficiently protected devices, systems, or cloud services can pose a serious risk to availability, integrity, and response capability.
European Resilience Starts with Development and the Supply Chain
The CRA not only puts greater emphasis on technical security requirements, but also on the resilience of supply chains. For digital products developed and manufactured in Europe, the origin of security-critical components, transparency across the value chain, and control over geopolitical dependencies are becoming increasingly important. In security-critical markets, “Made in Austria” is therefore emerging as a strategic advantage for trust, traceability, and security of supply.
Commend: A Long-Standing, Holistic Approach to Cyber Security
For Commend, this development is highly relevant – but it is also something we can approach with confidence. Cyber Security has been an established part of our corporate and product strategy for many years. As a leading international provider of professional intercom and security communication solutions, with development and production based in Salzburg, Commend follows a holistic approach: from certified ISO/IEC 27001-based information security management and secure development processes in accordance with IEC 62443-4-1 to security advisories, a vulnerability disclosure policy, and a clear focus on Privacy and Security by Design.
