Secure by Design, Compliant by Default: Navigating the Cyber Resilience Act with NXP and Digi

The Cyber Resilience Act (CRA) significantly reshapes the global product compliance landscape by embedding strict cybersecurity obligations into the framework for Conformité Européenne (CE) marking. These requirements potentially impact any OEM product, regardless of origin, that is intended to be sold in the EU. Formally known as Regulation (EU) 2024/2847, the CRA applies to any product containing digital elements whose intended purpose or foreseeable use includes a direct or indirect data connection — either logically or physically — to a network or device. This hands-on guide from Digi and NXP provides a walkthrough of the requirements and how to comply. Under this regulation, all products that are capable of connecting to a device or network must meet defined cybersecurity requirements in order to receive CE marking, which is a legal prerequisite for sale within the EU. Products that do not comply cannot be placed on the EU market. At the heart of the CRA is a response to persistent cybersecurity shortcomings. Although many products claim to be secure, there is often no reliable way for consumers or businesses to verify such claims or to ensure ongoing protection. The CRA provides a unified, mandatory framework for cybersecurity compliance that spans the entire product lifecycle.

White Paper Overview

Cybersecurity is no longer optional—it’s a legal requirement. With the introduction of the Cyber Resilience Act (CRA), the European Union has set a new standard for digital product compliance, mandating robust security measures across the entire product lifecycle. For OEMs and developers, this means rethinking how connected devices are designed, maintained, and brought to market.

This white paper, developed by NXP Semiconductors and Digi International, provides a practical guide to navigating CRA compliance. It outlines the key requirements, risks of non-compliance, and how integrated platforms—like Digi’s ConnectCore® SOMs powered by NXP’s secure processors—can simplify the path to certification.

You’ll gain insight into how scalable, secure-by-design solutions can help you meet CRA obligations while accelerating development and reducing risk.

Why read this white paper?

• Understand the regulation: Learn what the CRA requires and how it impacts your product roadmap.
• Design with confidence: Discover how NXP and Digi’s platforms support secure development from day one.
• Simplify compliance: Explore tools for vulnerability management, SBOM generation, and secure updates.
• Accelerate time-to-market: See how pre-integrated solutions reduce complexity and certification hurdles.
Whether you're launching a new connected product or updating an existing one, this white paper will help you build with security, scalability, and compliance in mind.

Download the white paper to explore how NXP’s EdgeLock® and Digi’s ConnectCore® are enabling secure-by-design solutions for CRA compliance.