The Cyber Resilience Act (CRA) is here — and for any company building connected devices, it’s a game-changer.
If your product touches a network, contains software, or is even capable of connectivity, the CRA applies. And by
December 11, 2027, you will need to prove that your products meet strict security requirements to get a CE mark.
But that's more than just a checkbox. It means:
- No known exploitable vulnerabilities at launch
- Secure-by-default configurations
- Real-time vulnerability management
- Public disclosure procedures
- At least five years of ongoing product support
- Incident reporting within 24 hours
As you can see, there is a lot involved. That’s why Digi and NXP teamed up—to give original equipment manufacturers
(OEMs) a head start.
Discover how Digi and NXP simplify CRA compliance. Download the guide to explore secure development strategies and
technologies.
Security by Design, Not by Reaction
The CRA doesn’t ask you to patch security in—it requires you to build with it.
Digi’s approach starts with NXP’s proven silicon security. The EdgeLock® Assurance program helps ensure that NXP
processors—like those found in Digi’s ConnectCore® System-on-Modules (SOMs)—are tested, verified and CRA-ready.
To further support CRA compliance, NXP product security capabilities can be mapped to the CRA’s Essential
Cybersecurity Requirements, including product configuration, authentication, access control, data protection,
monitoring, vulnerability management and incident response.
NXP’s security solutions are available in a range of functionalities, from entry-level to advanced—allowing OEMs to
scale protections based on risk levels. Technologies such as EdgeLock Secure Enclave, Secure Elements and EdgeLock
2GO services offer robust credential protection, life-cycle security management and turnkey provisioning.
Holistic Approach to Security: Security is built into every NXP solution. The EdgeLock Assurance logo signifies our
secure-by-design approach, industry compliance and expert support.
Digi complements NXP’s secure foundation with its Digi TrustFence® framework, offering essential protections like secure
boot, encrypted file systems and authenticated access—foundational to CRA compliance. On top of that, Digi
ConnectCore Security Services support life-cycle protection with software bill of materials (SBOM) generation,
vulnerability scans, curated patches and coordinated disclosure. These are complemented by Digi ConnectCore Cloud
Services, which enable secure over-the-air (OTA) updates, remote management and policy enforcement at scale. All of
this is tightly integrated with Digi Embedded Yocto (DEY)—a secure Linux distribution with a robust patch policy and
full integration across Digi’s ecosystem to help maintain compliance from development to post-deployment.
Not Just Checkboxes—Real Compliance Tools
Every part of Digi’s platform maps directly to Annex I of the CRA—both the product requirements (secure boot, access
control, data encryption, etc.) and the vulnerability-handling mandates (SBOM, disclosure, secure updates).
Instead of leaving you to figure out what’s required, Digi gives you:
- Documentation, SBOMs and support-period tools
- Templates for fleet-wide device configuration
- Monitoring and reporting aligned with Article 14 obligations
- Guidance on conformity assessment procedures (Article 32)
All using NXP’s secure processor architecture as the backbone.
A Unified Ecosystem for Compliance
What makes the Digi–NXP approach different? It’s not just about the parts—it’s the integration.
The hardware (from NXP), the software (from Digi), and the services (TrustFence, ConnectCore Security/Cloud, DEY) all
work together to reduce time-to-market and minimize compliance complexity.
As the CRA’s deadlines draw closer, manufacturers need clear answers. Digi and NXP deliver exactly that — no
guesswork, no duct tape.
Final Thought: Comply Early, Compete Better
The CRA isn’t just an EU regulation. It’s the new baseline for trustworthy devices. And those who build security now
will be positioned to stand out later.
With Digi and NXP, OEMs don’t just comply—they launch faster, stay secure longer, and build customer trust into
every connected product.