An informative event on the Cyber Resilience Act (CRA) was successfully held on Monday, May 5th 2025, jointly organized by the Cyprus Organization for Standardization (CYS) and the Digital Security Authority (DSA). The event emphasized the importance of preparedness for both manufacturers, provides and distributors involved in digital products, services, and critical infrastructures, in view of the new obligations introduced by the CRA.
The event was opened with welcome addresses by Mr. George Michaelides, Commissioner of Communications, and Ms. Athina Panayiotou, Director General of CYS, who warmly welcomed participants and underlined the significance of the regulation for the digital security of products and services, as well as the excellent cooperation between the two organizing bodies.
The event featured a series of presentations by distinguished speakers who provided an in-depth analysis of the latest developments in the CRA Act.
Mr. Razvan Gavrila, representing the European Union Agency for Cybersecurity (ENISA), presented the current EU cybersecurity policies and elaborated on ENISA’s forthcoming role for CRA Act but also in cyber threat information sharing across member states.
Following this, Mr. Conor Mc Goveron (Cyber Cert Labs) and Ms. Argyro Chatzopoulou (Apiro Plus Solutions) introduced practical tools designed to align with CRA cybersecurity essential requirements and documentation obligations, facilitating internal compliance procedures, including testing and specifications drafting.
Subsequently, Mr. Gabriel Faifman,( Product Security expert at Schneider Electric), outlined the core obligations imposed on manufacturers and providers under the CRA and emphasized the importance of international and European standards in achieving regulatory compliance.
In the second session of the event, Mr. Konstantinos Tsiourtos,(Managing Director of Kineas LLC), delivered a comprehensive presentation on the evolving landscape of European digital legislations. He examined how current and forthcoming EU Regulations and Directives including those related to cybersecurity, data protection, artificial intelligence, digital governance, and CRA are interrelated and often overlap between them.
Following this, Ms. Maria Raphael (Managing Director, PrivacyMinders) explained the risk assessment methodology required by the CRA, which must be applied throughout the entire product lifecycle from design , production, deployment and use of the product.
Next, Mr.Philippe Magneron (Hager Group) presented the CRA requirements for manufacturers of low-risk products (default category) as well as high-risk products (Class I, Class II, and Critical Category), which are subject to stricter conformity assessment and certification procedures by a Notified Body.
The event concluded with a presentation by Mr. Angelo D’amato, who leads the drafting of the horizontal standards that support the implementation of the CRA.
Mr. D’amato outlined the development of standards that will address the core needs of Annex I & II, incorporating security controls and the vulnerability handling requirements for digital products.
At the end of the event, participants had the opportunity to engage in a Q&A session with the speakers. It became evident that the Cypriot industry requires further awareness and involvement in standardization activities to enhance the cybersecurity posture of products and services.
The event concluded with a networking lunch, allowing for further discussion and collaboration opportunities among participants.
Presentations
ENISA’s Support on CRA Mr. Razvan Gavrila
Key Obligations for Manufactures and Providers Mr. Gabriel Faifman
Compliance Continuum: Tools Supporting CRA Compliance – “Curium Project Mrs. Argyro Chatzopoulou
Cybersecurity Risk Assessment – The CRA Cornerstone Mrs. Maria Raphael
Conformity Assessment Certification Mr. Philippe Magneron
Exploring Security Controls of Products based on CRA Mr. Angelo D’amato
SME Journey Through CRA: Challenges & Solutions Mr. Conor McGoveran