Cyber Resilience Act (CRA)
The Cyber Resilience Act ensures cybersecurity for digital products and networked machines, driving innovation in companies. Discover strategies for compliance.
The Cyber Resilience Act not only affects software companies, but also traditional mechanical engineering companies - as soon as their products are networked. What sounds like a regulatory nightmare can become a competitive advantage if you start early: from the security backlog and risk analyses to the incident response team. The biggest challenge here is not in software testing or technology, but in the question of how to convince management before the deadline expires and the experts on the market become unaffordable.
Podcast Episode: Cyber Resilience Act (CRA)
In this podcast episode, we talk about the Cyber Resilience Act. We discuss how companies are implementing the new EU regulations to ensure the security of their machines. We look at how important software has become in mechanical engineering and how the industry is adapting to the new security requirements. Valuable insights and practical tips will be shared on how to approach the topic of cyber resilience. Of particular interest is the discussion on the networking of machines and the associated challenges. Another important topic is the training of development teams and the importance of a suitable mindset for the successful implementation of the new requirements.
“I’m actually a software developer because I don’t have to work with Excel spreadsheets.” - Christoph Ranalter
Christoph Ranalter has been working in development since 2011 and has been head of software and control development at Felder KG, a leading Tyrolean mechanical engineering company for woodworking, since 2022. He placed great emphasis on quality in software development early on and built up several high-performance teams, which he still supports today in order to develop efficient and high-quality software solutions. Looking to the future, Christoph Ranalter is focusing on the next milestones in modern software development, including AI, the Cyber Resilience Act and NIS2.
Highlights der Episode
- Cyber Resilience Act affects every digital product with network capability - machine builders must also act.
- Risk assessment before tools: First assess which vulnerabilities are relevant, then react.
- Developers want to implement security - management slows down due to costs and a lack of urgency.
- Starting early saves money: experts are becoming scarce, daily rates are rising from 1200 to 2000 euros.
- Software is becoming a distinguishing feature - everyone can now weld sheet metal, but not features through code.
Cyber Resilience Act: Challenges and strategies for mechanical engineering
In this podcast episode, Richie and Christoph discuss the Cyber Resilience Act and its impact on a mechanical engineering company. Christoph shares insights into the challenges and strategies for implementing the Act, as well as the importance of software and cybersecurity in mechanical engineering.
The role of software in mechanical engineering
Christoph begins by explaining that his company manufactures woodworking machines - from simple saws to complex CNC machining centers. With around 850 employees in Austria and a further 650 worldwide, it is a medium-sized family business. Although at first glance you might not think that mechanical engineering has much to do with software, it is clear that networked machines, cloud solutions and remote support are playing an increasingly important role. These developments naturally also bring with them new security requirements.
Cyber Resilience Act: What does it mean?
The Cyber Resilience Act affects any digital product that can interact with other devices or networks. Christoph describes how his company realized that this legislation also affects them - from smart coffee machines to CNC machines. Together with a consulting firm, they have carried out an initial screening and determined that they need to take measures to meet the legal requirements. Time is of the essence, as the first measures must be implemented by 2024.
Challenges during implementation
According to Christoph, one of the biggest challenges was to raise awareness of cybersecurity throughout the company. This meant not only introducing technical measures such as better firewalls or antivirus software, but also organizational steps such as training the development teams. He emphasizes the importance of a structured risk assessment and an incident response team. These teams must be able to react quickly when security gaps are discovered.
Technical solutions and tools
Christoph emphasizes that his company already uses a number of tools to improve security - including static code analysis tools and manual security tests. Nevertheless, there is still a lot to do: from encrypting internal communication processes to implementing update-over-the-air solutions for their machines. The integration of AI for data processing is also on their agenda.
Conclusion and outlook
At the end of the interview, Christoph shares his confidence that implementing the Cyber Resilience Act is not only a legal necessity, but can also provide a competitive advantage. Secure and innovative solutions can set them apart from competitors. He recommends that all companies - large and small - deal with the new requirements at an early stage and take appropriate measures.
Related Posts
Richard Seidl
•May 19, 2026
Why agentic engineering changes everything
Richard Seidl
•May 12, 2026