For companies selling connected products in Europe

kromse makes CRA readiness clear.

If you sell alarms, drones, cameras, sensors, smart locks, routers, wearables or other connected devices in Europe, the Cyber Resilience Act may require you to prove your products are cyber-secure.

kromse turns that uncertainty into a practical product check-up, gap report and 90-day action plan without needing a large internal cybersecurity team.

Check if my product is affected See the first check-up
kromse Product Check-up
42%ready

Example result: 7 products checked, 18 missing items, 3 urgent risks.

Product affected by CRA?Checking
Software and firmware listMissing
Known security issuesFound
Proof and documents18 gaps
11 Sep 2026 Some reporting duties start applying.
24h / 72h Serious security issues may require fast action.
Connected products Alarms, drones, cameras, sensors and smart devices.
New EU rules

Cybersecurity is becoming part of selling connected products in Europe.

The Cyber Resilience Act creates cybersecurity obligations for many products with digital elements. The challenge is knowing what applies, what evidence is missing and who owns the work.

10 Dec 2024
The law is approved

The preparation window begins.

11 Jun 2026
Market preparation accelerates

Companies, advisors and partners start preparing.

11 Sep 2026
Fast reporting duties begin

Serious vulnerabilities may need quick reporting.

11 Dec 2027
Main obligations apply

The broader CRA framework becomes applicable.

The problem

Hardware companies are being asked cybersecurity questions they were not built to answer.

Connected-product teams often need to coordinate management, product, suppliers, operations, legal and technical contacts before they can even see the full compliance picture.

?

Does this law affect us?

Products with software, apps, cloud features, wireless links or remote updates may need attention.

1

What do we need to do?

Teams need a plain-language list of documents, processes, checks and responsibilities.

2

Where is the proof?

Security claims need organised evidence that can be reviewed later.

3

Who owns each task?

Suppliers, product teams, legal and leadership all touch different parts of the answer.

4

What if something goes wrong?

A serious security issue needs a response plan before the emergency happens.

5

We do not have a cyber team.

kromse is designed for product companies, importers and distributors, not only security experts.

Who we help

Built for companies that sell connected physical products.

kromse is useful when your product includes software, firmware, an app, a cloud feature, wireless connectivity or remote control.

Alarm and security companies

Alarms, sensors, cameras, smart locks and monitoring devices.

Drone and robotics sellers

Drones, robots, controllers, apps and cloud-connected devices.

Smart device brands

Smart home, wearables, pet tech, appliances and gadgets.

Importers and distributors

Connected products brought into the EU from suppliers abroad.

Industrial hardware companies

Machines, sensors, gateways and equipment with embedded software.

What kromse does

kromse turns CRA uncertainty into a practical action plan.

We help identify what applies, what is missing, what should be fixed first and what proof your team should keep.

1

Check exposure

Understand whether your products may fall under CRA obligations.

2

List gaps

See missing documents, policies, supplier information and security processes.

3

Map product data

Organise software, firmware, apps, suppliers and product versions.

4

Find known risks

Check whether public vulnerabilities may affect your products or suppliers.

5

Prepare evidence

Build a simple proof folder for product cybersecurity readiness.

6

Create a response plan

Define who does what if a serious product security issue appears.

How it works

From uncertainty to a clear product compliance plan.

1

Tell us what you sell

Share basic product, supplier, app and connectivity information.

Output: product map
2

Check possible CRA exposure

Translate the regulation into product-specific questions.

Output: affected product list
3

Find the gaps

Identify missing evidence, documents, processes and owners.

Output: gap report
4

Get a simple plan

Prioritise what to fix, document and assign over the next 90 days.

Output: action plan
First step

Start with a Connected Product Check-up.

Before selling you a platform, kromse starts with a focused 1-2 week check-up. We review your products, explain possible CRA exposure and give you practical next steps.

Request a product check-up
Product exposure checkWhich products may be affected and why.
Missing documents listWhat proof, policies and supplier information you still need.
Basic risk reviewA first look at vulnerabilities, software parts and supplier risks.
Emergency process checkWho should do what if a serious issue appears.
90-day action planClear next steps for management, product, suppliers and technical teams.
Ready-to-use templatesSimple templates for responsibilities, evidence and incident preparation.
Design and wording improvements

Further improvements to make the page stronger.

These are the next changes I would make once you have pilot/customer input.

Add proof points

Replace validation language with customer logos, pilot numbers or expert partner quotes when available.

Connect the form

Replace the mailto form with Tally, HubSpot, Airtable or a Vercel serverless endpoint.

Create product pages

Add focused pages for alarm companies, drone sellers, importers and industrial hardware teams.

Starting point

Start with a check-up. Move to ongoing monitoring only if you need it.

Pricing is a market-validation hypothesis and may evolve based on pilot learnings.

Connected Product Check-up

For companies that need clarity quickly.

EUR 1.5k-EUR 5k

Exposure check, missing documents list, basic risk review, emergency process check and 90-day plan.

Request proposal

Ongoing Product Readiness

For companies with several connected products or suppliers.

SaaS

Product list, supplier tracking, security issue alerts, proof folder and team task tracking.

Join waitlist

Expert Review Add-on

For companies that want extra confidence.

Custom

Legal review, cybersecurity review, supplier support and management-ready summary.

Discuss review
Get started

Do you sell a connected product in Europe?

Answer a few questions and we will follow up with an initial conversation to check whether the CRA may affect your products.

This is an initial screening, not a legal opinion.

FAQ

Questions companies ask first.

What is the Cyber Resilience Act?

It is a new EU regulation that creates cybersecurity requirements for many products that contain software or connect to other systems.

Does it apply only to big technology companies?

No. The CRA is mainly about the product, not only company size. Medium-sized companies selling connected devices may still need to prepare.

Is kromse a lawyer?

No. kromse helps organise the work, documents and checks. Formal legal advice should be reviewed by qualified legal experts.

Is kromse a cybersecurity auditor?

No. kromse does not replace an official audit or certification provider. It helps you understand what may be missing.

Who should join the first call?

Usually a business owner or manager, someone close to the product, and anyone who manages suppliers, documentation or technical support.

What happens after the check-up?

You receive a practical gap report and 90-day action plan. Ongoing monitoring can come later if your product portfolio needs it.

Make product cybersecurity readiness visible before the deadline arrives.

kromse helps your team move from uncertainty to a practical, trackable plan.

Check my product
Check my product