Does the CRA apply to your product? A 10-minute check
Products with digital elements, risk classes, open source — how to work out quickly whether you're in scope, and what your class means.
Read →Independent consulting for manufacturers of products with digital elements. I turn regulation and standards into a concrete, prioritized roadmap for your product — and help your engineers execute it.
Most engagements start with one of these four situations.
“A key customer sent us a CRA questionnaire — and the answers are due.”
CRA readiness →“We're adding connectivity to our product and don't know which regulations now apply.”
Scoping & classification →“Our assessor flagged gaps in the safety documentation — and the milestone is fixed.”
Functional safety →“Our safety and security teams produce documents that contradict each other.”
Safety–security integration →Engagements scoped to what your product actually needs — from a short readiness check to hands-on support through conformity assessment.
The Cyber Resilience Act applies to nearly every hardware and software product sold in the EU. I help you determine exactly what it requires of your product — then close the gaps in the right order: scoping, gap analysis, Article 14 reporting, technical documentation, and team training.
See what's included →Safety lifecycle support along IEC 61508, ISO 26262, and SOTIF — safety planning, hazard and risk analysis, safety concepts, and safety cases that stand up to assessment.
Standards & deliverables →Cybersecurity engineering along ISO/SAE 21434 and related frameworks — TARA, cybersecurity concepts, and one methodology shared with your safety work.
Standards & deliverables →No retainers you don't need, no hundred-page reports nobody reads. Every engagement starts small and earns its next step.
A free conversation about your product and where you stand. You leave with a clear picture of what applies to you — whether or not we work together.
A focused gap analysis against the requirements that matter for your product class. The result: a prioritized roadmap your team can execute.
Hands-on support where you need it — processes, documentation, reviews, training — until your team runs it without me.
Practical breakdowns of the CRA and its neighbors — written for engineers and product owners, not lawyers.
Products with digital elements, risk classes, open source — how to work out quickly whether you're in scope, and what your class means.
Read →The reporting obligations arrive before the rest of the regulation — with a 24-hour clock. What a process that can meet it looks like.
Read →Teams with a safety process already own most of what the CRA asks for. How to reuse it instead of building a parallel workstream.
Read →Describe your product and where you stand — even roughly. I typically reply within one business day. Or write directly to jyohan@joglekar.de.