The Cyber Resilience Act (CRA) is counting - how should PSIRT teams respond to this challenge?
The Cyber Resilience Act (CRA) is a legal framework in the EU aimed at descripting cybersecurity requirements for products with digital elements within its region. As of 2026, relevant product manufacturers will be required to comply with reporting obligations. These rules are mandatory, and non-compliance will result in substantial fines. This talk will share how our PSIRT Team is preparing to comply with this act and turn it into a security defense barrier.
In this talk, we will summarize the regulations, which exceed 100 provisions, into categories such as development and production requirements, vulnerability management requirements, market sales rules, and market supervision regulations. We will highlight special provisions and commonly overlooked aspects. We will also explain how our PSIRT Team ensures that these regulations are under control. For example, the CRA has reporting obligations. When manufacturers encounter severe incident or discover actively exploited vulnerabilities, they must provide designated information to the EU within specified timeframes. We will share how the PSIRT Team has established a process to address this.
TOPIC / TRACK
Supply Chain Security Forum
LOCATION
Taipei Nangang Exhibition Center, Hall 2
7F 701G
LEVEL
General General sessions explore new
cybersecurity knowledge and
non-technical topics, ideal for those with limited or no
prior cybersecurity knowledge.
SESSION TYPE
Breakout Session
LANGUAGE
Chinese
SUBTOPIC
Law
Cyber Resilience
PSIRT
CYBERSEC 2025 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy 。