The European Union has introduced the Cyber Resilience Act (CRA) to ensure a high level of cybersecurity for digital products across Europe. CRA-PRO addresses the challenges and opportunities arising from this new legislation for Austria. The project aims to establish a practical foundation for CRA implementation, supporting authorities, research, and industry alike.

It focuses on developing processes, tools, and best practices to help manufacturers—especially small and medium-sized enterprises (SMEs)—comply with CRA requirements. Key aspects include product classification, risk assessment, Software Bill of Materials (SBOM), update management, and documentation.

CRA-PRO also promotes the creation of a national network to provide knowledge, training, and use cases, thereby strengthening Austria’s industrial base. In addition, it examines interactions with other legal frameworks such as RED, NIS2, and the Product Safety Regulation to enable harmonized implementation.

Lead
Christoph Schmittner, AIT Austrian Institute of Technology GmbH

Partners
Bundeskanzleramt der Republik Österreich
FEEI Management-Service GmbH
MSG Plaut
SBA Research gGmbH

Contact
CHRISTOPH SCHMITTNER Senior Research Engineer
AIT Austrian Institute of Technology GmbH
Center for Digital Safety & Security Security & Communication Technologies 
Giefinggasse 4 | 1210 Vienna | Austria 
T +43 50550-4244 christoph.schmittner@ait.ac.at | www.ait.ac.at