How Phoenix Contact supports your journey to Cyber Resilience
October is Cybersecurity Awareness Month – and this year, it comes with a clear message:
“CRA? We are ready – and we’ll help you get ready too.”
With the Cyber Resilience Act (CRA), the European Union is introducing a regulation that will fundamentally change how connected products are developed, deployed, and maintained. At Phoenix Contact, we’ve been preparing for this shift – and we’re here to support you every step of the way.
What is the CRA?
The Cyber Resilience Act (CRA) is a new EU regulation that introduces mandatory cybersecurity requirements for all products with digital elements. It applies across the entire product lifecycle – from design and development to deployment and decommissioning.
Starting in 2027, cybersecurity will become a formal part of CE marking. That means manufacturers must:
- Identify and mitigate cybersecurity risks
- Ensure secure default configurations
- Provide updates and vulnerability handling
- Maintain technical documentation
- Report incidents within strict timelines
The CRA affects a wide range of stakeholders – from device manufacturers and software developers to machine builders and system integrators.
What needs to be done?
If you’re a manufacturer or machine builder, the CRA will likely impact your business. To prepare, you should:
- Review your product portfolio for CRA relevance
- Define product class and CRA Security requirements based on risk assessments
- Establish secure development processes
- Implement vulnerability management and incident response
- Ensure traceability and documentation
- Train your teams on CRA requirements and timelines
And don’t forget: the Machinery Regulation (MVO) also introduces cybersecurity obligations for machine builders. Both regulations require a proactive, structured approach to product security.
How Phoenix Contact is preparing
At Phoenix Contact, we’ve taken a proactive approach to CRA readiness. Our 360° cybersecurity strategy ensures that we meet – and exceed – the requirements of the CRA.
Here’s how:
- Certified products: Some of our devices, including PLCnext Control, are already certified according to IEC 62443-4-2 and developed under IEC 62443-4-1 secure development processes.
- Secure by design: Security is embedded in our hardware, software, and services – from the first line of code to the final firmware update.
- PSIRT and vulnerability handling: Our Product Security Incident Response Team (PSIRT) ensures fast and transparent handling of vulnerabilities – certified according to IEC 62443-4-1.
- Documentation and transparency: We offer guidelines, security context and many more information in our PLCnext Technology Security Info Center. More than that, we provide detailed technical documentation, Software Bills of Materials (SBOMs), and lifecycle support on our website to help you meet your own CRA obligations.
CRA-ready by design: Virtual PLCnext Control
For device manufacturers, CRA compliance can be a major challenge – especially when starting from scratch. That’s why we offer ready-to-integrate platforms like the Virtual PLCnext Control.
The solution comes with audited cybersecurity built in, allowing you to:
- Secure automation components
- CRA-ready control platforms
- Consulting and documentation services
- Lifecycle support and vulnerability management
By leveraging this platform, you can meet CRA requirements more efficiently – and with greater confidence.
Supporting machine builders
Machine builders face a dual challenge: complying with both the CRA and the Machinery Regulation. Phoenix Contact supports you with:
- Secure automation components
- CRA-ready control platforms
- Consulting and documentation services
- Lifecycle support and vulnerability management
Whether you’re building new machines or upgrading existing ones, we’re here to help you navigate the regulatory landscape.
Want to learn more?
We’ve created a dedicated whitepaper that explains the CRA in detail – including what it means for industrial automation and how you can prepare effectively.
Let’s shape the future of secure automation – together.
CRA? We are ready. Are you?
