Nine months in, our project is well on its way to helping companies — especially SMEs — comply with the Cyber Resilience Act (CRA) by developing open-source tools, methods and guidance. Our overall goals are:
- designing and developing a suite of open-source tools to assist with conformity assessment under the CRA.
- automating the compliance assessment (technical baseline, documentation obligations) required by the CRA.
- producing guidelines, training modules, methodologies (including penetration testing) aligned with CRA requirements, to support manufacturers and SMEs.
- ensuring usability of the toolset and approach for SMEs with limited resources.
The project kicked off successfully with a consortium meeting on 25-26 February in Leipzig, where the roadmap for the following 18 months was defined.
The technical groundwork was laid in the first few months of the project and we defined the broader regulatory context (CRA, life-cycle security, supply chain/third-party components) to shape relevance and uptake.
The partnership has already produced a number of guidance documents and info flyers, as well as training videos on CRA related content—all of which are available for free on our website under the Materials section.
The CRA compliance tool is under development, and the piloting phase is already being planned for early 2026. If you are interested in joining with your company and products, do not hesitate to contact the CONFIRMATE consortium!
Apart from producing the open-source tool, in the second phase of the project we also want to focus more on community building: The project has already signed a Memorandum of Understanding with the Emerald Cluster in August 2025 and participated in numerous events. But we want to expand stakeholder engagement, e.g. through workshops with SMEs, and supporting uptake of the toolset.
We have our work cut out for us for the second half of CONFIRMATE! We’re looking forward to all things to come!
