%20(2).svg){kind=small}
EU Cyber Resilience Act (CRA)
CRA does not change our direction, it reinforces it.
Silex Technology’s Commitment to the EU Cyber Resilience Act (CRA)
The EU Cyber Resilience Act (CRA) introduces new cybersecurity requirements for products with digital elements placed on the European market. At Silex, security, reliability, and long-term product support have always been core to how we design, build, and maintain our products.
We are proactively aligning our development processes, security governance, and lifecycle support with CRA requirements. This ensures our customers can design, deploy, and maintain compliant products with confidence, without added complexity or uncertainty.
Our Approach
Silex’s CRA compliance strategy is grounded in internationally recognized cybersecurity standards, disciplined lifecycle governance, and transparent communication with customers.
As CRA harmonized standards are finalized, our approach ensures:
A smooth transition to CRA enforcementContinued compliance for products already placed on the EU marketPredictable, long-term security support for deployed systems
Secure Development & Lifecycle Governance
Silex aligns its CRA compliance framework with globally recognized cybersecurity standards, including:
IEC 62443-4-1 – Secure product development lifecycle and organizational security processesIEC 62443-4-2 – Product-level technical security requirements (or successor standards adopted under CRA)Product-category-specific EU cybersecurity standards defined by CRAApplicable EU harmonized standards aligned to each product category
This framework ensures:
Secure-by-design development from architecture through releaseConsistent, repeatable security requirements across product families
Silex has formally established a Product Security Incident Response Team (PSIRT) responsible for managing product security across the entire product lifecycle.
The PSIRT coordinates with internal engineering teams, customers, partners, and external security researchers to ensure vulnerabilities are handled quickly, responsibly, and in line with regulatory expectations.
Vulnerability Management & Coordinated Disclosure
Silex operates a Coordinated Vulnerability Disclosure (CVD) framework aligned with CRA requirements, including:
Continuous monitoring for newly disclosed vulnerabilitiesStructured intake and triage of reports from:
External security researchersPartnersCoordinated disclosure programsClear and timely communication with affected customersCompliance with CRA-mandated vulnerability disclosure timeliness.
A formal CVD policy and reporting channel will be published and maintained on this site.
Security Updates & Maintenance Period
Silex provides security updates for the full declared maintenance period of each product.
The maintenance period is defined as five (5) years from the final shipment of the product.
Security updates may include:
Firmware and driver vulnerability patchesUpdates to cryptographic librariesProtocol updates, where applicableMitigations for newly discovered security threats
Maintenance periods are clearly documented and communicated, allowing customers to plan long-term deployments with confidence.
Transparency & Compliance Documentation
To support customer compliance efforts, Silex maintains and provides relevant security and compliance documentation, including:
Software Bill of Materials (SBOM)
Tracking third-party and open-source componentsAvailable through controlled disclosure mechanisms (e.g., AMCP services)Security update and notification policiesVulnerability handling procedures
CRA compliance is not a one-time exercise, it is an ongoing responsibility. Silex is committed to continuously strengthening our security processes, aligning with evolving regulations, and supporting customers throughout the full lifecycle of their products.
As additional policies, reporting channels, and technical details are finalized, this page will be updated accordingly.
