Skip to main content

CRA Whitepaper with EY

· 2 min read
Maximilian Köhl
Maximilian Köhl
CEO & Founder of Silitics

Together with EY and Cumulocity, we have released a whitepaper on a practical reference architecture for EU Cyber Resilience Act (CRA) compliance. Rugix is a core component of the whitepaper's reference architecture, providing essential on-device functionality needed to meet the CRA's technical requirements.

The EU Cyber Resilience Act introduces sweeping new cybersecurity obligations for manufacturers of products with digital elements. While full enforcement begins in December 2027, reporting obligations will already come into effect as early as September 11, 2026. In the whitepaper, we present a modular approach to these challenges by combining EY's legal advice, Cumulocity's IoT device management, and Silitics' embedded engineering expertise and solutions.

Key CRA-relevant capabilities of Rugix covered in the whitepaper include:

  • Robust Software Updates: Atomic A/B updates with automatic rollback and cryptographic signature verification, combined with best-in-class delta update mechanisms.
  • Secure Factory Reset: Built-in state management to facilitate secure factory resets for decommissioning, transfer, or restoring a secure-by-default configuration.
  • Software Bill of Materials: Rugix Bakery can generate a machine-readable SBOM, a key requirement for traceability and CRA compliance.

You can read the full whitepaper here (light version), and find more details on Silitics' news page.