EU Cyber Resilience Act · Reg. 2024/2847

BREAK THE EDGE

We redesign electronic products so our clients meet the EU Cyber Resilience Act by December 2027 — from hardware and firmware to SBOM, vulnerability handling, and conformity assessment.

Talk to engineering What is the CRA?
Dec 2027 CRA Full Application
IPC-Certified PCB Design · Class 3
Engineered in Switzerland
Scroll
The regulation

The EU Cyber Resilience Act
changes everything you ship

Regulation (EU) 2024/2847 makes cybersecurity a placement condition for every product with digital elements sold in the EU — from consumer IoT to industrial controllers and networked machinery. Compliance requires secure-by-design hardware and firmware, a machine-readable SBOM, a documented vulnerability-handling process, and a formal conformity assessment.

Compliance timeline

  1. 10 Dec 2024 Entry into force
  2. 11 Jun 2026 Notification of conformity assessment bodies (Chapter IV)
  3. 11 Sep 2026 Reporting obligations — ENISA, 24 h / 72 h / 14 d
  4. 11 Dec 2027 Full application — Annex I, SBOM, conformity assessment
Non-compliance penalty up to €15 M or 2.5% of global turnover
Read the full CRA overview

Official EU sources

Our approach

Redesign for compliance, not for rework

We are a Swiss engineering partner that re-engineers our clients' electronic products to meet the CRA without compromising cost, performance, or time-to-market. We work at every layer of the product — silicon selection, PCB, firmware, supply-chain documentation — and we certify to IPC Class 3 when reliability matters most.

Most products placed on the EU market today do not meet Annex I. The path to compliance is rarely a drop-in patch: it is a disciplined redesign of root of trust, secure update, cryptographic services, interface hardening, logging, and a vulnerability-handling process that operates across the declared support period.

We start with a gap assessment against Annex I § 1 and § 2, then deliver a roadmap that keeps your product on the shelf. Where high reliability is required — aerospace, defense, medical, critical infrastructure — we design to IPC Class 3 standards and J-STD-001 soldering, backed by documented IPC training.

Secure-by-Design

Root of trust, secure boot, signed firmware, cryptographic accelerators, attack-surface reduction — built into the silicon choice and schematic, not bolted on late.

Lifecycle Vulnerability Handling

Machine-readable SBOM (SPDX / CycloneDX), PSIRT workflow, 24 h / 72 h / 14 d reporting plumbing to ENISA, declared support period governance.

High-Reliability PCB Expertise

IPC-certified design for Class 3 electronics — IPC-A-610, IPC-6012, J-STD-001, IPC-2221 — with deep experience in aerospace and defense environments.

Reference designs

Production-tested
reference designs

Each design below is a production-tested platform we engineered in-house — proof of our PCB and firmware capability.

Secure Wireless Platforms

WildBay
2.4 GHz

WildBay

2.4 GHz BLE 5.2 / Thread / Zigbee SOM on STM32WB dual-core. Production-tested wireless reference design.
WildBay MKR
2.4 GHz

WildBay MKR

MKR-form evaluation carrier for the WildBay platform.
Vallarta
LPWAN

Vallarta

LoRa-compatible LPWAN SOM on STM32WL. Long-range, battery-powered reference design.
Vallarta MKR
LPWAN

Vallarta MKR

MKR-form evaluation carrier for Vallarta.
BlackMoon
Sub-GHz

BlackMoon

Sub-GHz LPWAN platform on STM32L0 + S2-LP. Multi-year battery life and ultra-long range.
BlackMoon MKR
Sub-GHz

BlackMoon MKR

MKR-form evaluation carrier for BlackMoon. Sub-GHz, Sigfox and 6LoWPAN.

Sensor Reference Designs

Featured reference
Polverine
Environmental

Polverine

Open-source environmental sensing platform on ESP32-S3 with Bosch BMV080 (PM2.5) and BME690.
PortRoyal MKR
Multi-sensor

PortRoyal MKR

8-sensor STMicroelectronics evaluation reference with sensor-fusion carrier.
Havana MKR
Multi-sensor

Havana MKR

Bosch Sensortec multi-sensor reference (BME688, BHI160B, BMM150, TCS34725) on STM32L4.
Martinica MKR
WiFi · Crypto

Martinica MKR

WiFi reference on Microchip ATSAMD21 with ATWINC1500 and ATECC608B CryptoAuthentication.
Mayreau
AI · Edge

Mayreau

AI-ready 8-sensor platform with WiFi / BLE 5.0 on STM32L4R9 at 120 MHz. Open-source hardware.
What we deliver

Integrated services
end-to-end for CRA

Six disciplines, one engagement. We take your current product from "non-compliant" to "placed on the EU market under a signed Declaration of Conformity" — without re-inventing what already works.

01

CRA Gap Assessment

Technical audit against Annex I Section 1 (product cybersecurity) and Section 2 (vulnerability handling). Risk-assessment report, classification against Annex III / IV, concrete remediation backlog.

CRA technical audit and risk assessment
02

Secure-by-Design Redesign

Hardware and firmware rework to introduce root of trust, secure boot, signed firmware, cryptographic services, TRNG, interface hardening, secure update path — engineered to fit within your existing BOM and industrial design.

Secure-by-design hardware and firmware
03

SBOM & Vulnerability Handling

Machine-readable SBOM (SPDX / CycloneDX), PSIRT workflow, coordinated-disclosure policy, 24 h / 72 h / 14 d reporting plumbing to ENISA and national CSIRTs, declared support-period governance.

SBOM and vulnerability handling process
04

Conformity Assessment Support

Technical file preparation, Declaration of Conformity, CE affixation, and Notified Body liaison for Annex III Important and Annex IV Critical classes. We stand up the evidence chain regulators ask for.

Conformity assessment and CE marking
05

Aerospace & Defense PCB Design

IPC Class 3 high-reliability design — IPC-A-610 Class 3 acceptability, IPC-6012 Class 3/A rigid PCB, J-STD-001 Class 3 soldering, IPC-2221 generic design — for products with long service life and demanding environments.

Avionics control panel close-up — high-reliability aerospace electronics
06

Industrialization

DFM and DFT, test fixtures, volume introduction, and supply-chain due diligence (Article 13) — including third-party component traceability so your SBOM holds up over the product lifecycle.

Industrialization and supply-chain due diligence
Who we serve

Sectors where compliance is a placement condition

Every sector below has products with digital elements that fall under the CRA. We bring domain-specific redesign patterns and certification fluency to each.

Aerospace

Avionics, sensor suites, ground support equipment. IPC Class 3, extended thermal range, conformal coating, 15+ year lifecycles.

Defense

Mission-critical electronics for land, sea, and air platforms. Cybersecurity hardening, tamper-evidence, controlled-supply components.

Industrial IoT

PLCs, gateways, connected sensors, automation controllers — all within CRA scope and the Machinery Regulation 2023/1230.

Consumer Electronics

Smart home, wearables, connected appliances. Default CRA class — Self-Assessment with Annex I full compliance.

Medical Devices

MDR / IVDR digital elements — CRA overlays cybersecurity requirements on already-regulated products. Dual-compliance redesign.

Smart Infrastructure

Smart metering, EV charging, building automation — Annex III Important class. Notified Body pathway.

Credentials

Certified to design the hardest class of electronics

Our PCB design practice holds documented IPC training — including Military and Aerospace — and operates to IPC Class 3 acceptability. Every redesign is backed by named credentials and a traceable process.

IPC Training Certificate — PCB Design for Military and Aerospace

IPC PCB Design for Military and Aerospace

Credential ID PCBDMA-24111932773 · 24 PDH · Lifetime validity

Issued 19 November 2024

IPC Training Certificate — PCB Design Fundamentals II

IPC PCB Design Fundamentals II

Credential ID PCBDFII-25041520886 · 32 PDH · Lifetime validity

Issued 15 April 2025

IPC standards we design to

IPC-A-610 Class 3 · IPC-6012 Class 3/A · J-STD-001 Class 3 · IPC-2221 · IPC-7351 · IPC-D-356

Swiss corporate standing

BlackIoT Sagl · CHE-192.005.916 · registered in the Commercial Register of the Canton of Ticino · Vacallo, Switzerland.

Technology Partners

Silicon partners powering our secure designs

We source from vendors whose cryptographic services, long-term support commitments, and documented supply chains make CRA-ready designs possible.

Bring your product to the EU market

We start every engagement with a 60-minute working call and a written technical scope. No pitch deck — an engineering conversation with your electronics team.

BlackIoT Sagl
Via Stefano Franscini 2A, 6833 Vacallo, Switzerland
info@blackiot.swiss
Contact our engineering team