S E C U R I T Y
Europe ‘ s Response to Cybercrime : CRA
In an increasingly digitalized world where cyberattacks are becoming more sophisticated and frequent , the need for a legal framework to ensure cybersecurity is paramount . The EU Cyber Resilience Act ( CRA ) aims to guarantee the security of digital products and services . This article explores ways to ensure CRA compliance using CodeMeter .
Motivation from Two Directions Product security is a critical success factor for businesses . On the one hand , companies aim to protect their software know-how from hackers using reverse engineering . On the other hand , software monetization must not be undermined by piracy . External requirements , driven by market demands or legal mandates such as IEC 62443 , NIS2 , and the EU Artificial Intelligence Act , also play a role .
Since the end of 2024 , the EU Cyber Resilience Act has been in effect for all member states . It includes guidelines , processes , security requirements for digital products , detailed information , and reporting obligations . Non-compliance with these regulations can result in fines amounting to millions . Although the CRA al-
Application
01010010010010101001010010101001010100 10101001010100101010100101010010010010 10100101001010100101010010101001010100 10101010010101001001001010100101001010 10010101001010100101010010101010010101 00100100101010010100101010010101001010 10010101001010101001010100100100101010 01010010101001010100101010010101001010
Function 1
10100101010010010010101001010010101001 01010010101001010100101010100101010010 01001010100101001010100101010010101001
Function 2
01010010101010010100101010010101001010 10010101001010101001010100100100101010 01010010101001010100101010010101001010 10100101010010010010101001010010101001
Function 3
01010010101001010100101010100101010010 01001010100101001010100101010010101001 01010010101010010101001001001010100101 00101010010101001010100101010010101010
AxP
AxP
01010100100100101010010100101010010101 00101010010101001010101001010010101001
Basic License
lows a transition period until 2027 , businesses must act now to prepare . Determining who is affected and in what capacity marks the starting point of the compliance journey .
CodeMeter as a Companion for CRA Compliance
The following sections present various examples of how CodeMeter technology can actively support you on this journey . Our experts have identified specific parts of the CRA where Wibu-Systems ’ products can be leveraged for compliance .
Measures to Restore Compliance CRA Art . 13 ( 21 )
If manufacturers determine that a product with digital elements in the field no longer complies with CRA regulations , they must immediately take measures to restore compliance or , if this is not possible , withdraw the product from the market . Manufacturers must maintain an overview of products and users in the field to inform affected customers .
This can be achieved by leveraging CodeMeter licenses , which provide complete transparency for manufacturers . Programs or functionalities can be disabled or replaced by withdrawing or updating licenses to regain compliance . Using CodeMeter License Central and CodeMeter License Portal , managing licenses in the field becomes seamless and transparent across multiple levels . Roles and rights can be assigned to these
License Container
License 1
License 2
License 3 levels , and the status of licenses in the field is always accessible .
Access Protection ( CRA Annex I , Part I , 2d )
In addition to general authentication and authorization via issued licenses , CodeMeter allows for specific licenses to be assigned−for example , for different software versions , compliance with export controls , regional requirements , or particular user groups or individual users via Named User Licenses . CodeMeter Certificate Vault can securely deploy certificates to the field and integrate them into applications via standard protocols . Access protection based on CodeMeter is also implemented for CODESYS and Siemens ’ TIA Portal . Rockwell Automation uses the technology for Studio 5000 Logix Designer .
Data Confidentiality and Integrity ( CRA Annex I , Part I , 2e , 2f )
Manufacturers must ensure data confidentiality and prevent data manipulation to guarantee data integrity . By utilizing encryption and cryptographic signatures through CodeMeter licenses , CodeMeter API and CodeMeter Protection Suite provide manufacturers with all the tools needed to meet these requirements . CodeMeter License Central ensures secure key distribution .
Compliance and Monetization : An Ideal Combination
By combining product security and licensing , CodeMeter offers an ideal solution that supports CRA compliance while enabling the licensing of products with digital components − An investment with a guaranteed return !
14