Skip to main content

What is the Cyber Resilience Act (CRA)?

The CRA establishes a harmonized framework for cybersecurity of products with digital elements, including:

  • Secure-by-design and secure-by-default product engineering
  • Lifecycle management of vulnerabilities and security updates
  • Increased transparency for users and operators
  • Mandatory reporting of actively exploited vulnerabilities and severe incidents

The regulation entered into force in December 10th 2024, with key obligations applying from September 11th 2026 (vulnerability reporting) and December 11th 2027 (full compliance).

What is the Machinery Regulation (MR)?

The Machinery Regulation introduces updated essential health and safety requirements for machinery and dedicated safety equipment placed on the European market. It explicitly integrates cybersecurity into safety considerations. Key objectives include:

  • Protection of machinery and safety equipment against cybersecurity threats that may impact safety
  • Harmonization of safety requirements across the EU
  • Consideration of modern technologies such as connected systems and software-enabled functionality
  • Support for digital documentation and lifecycle information

The Machinery Regulation will apply from January 20th 2027.

Kollmorgen’s Commitment to CRA and MR Compliance

Kollmorgen is taking a proactive approach to align with both CRA and MR requirements:

  • Secure Product Development
    We continue to strengthen our development processes in line with internationally recognized and developing standards such as IEC 62443 and EN 50742. These processes support:
    • Risk-based security design
    • Integration of cybersecurity throughout the product lifecycle
    • Continuous improvement of development and validation activities
  • Product Security Capabilities
    We continuously evaluate and enhance the security features of our products, including:

    • Secure communication mechanisms
    • Access control and authentication
    • Logging and monitoring capabilities

    Please note that specific security capabilities are evaluated and implemented on a product-by product basis accounting for technical feasibility and market needs.

  • Coordinated Vulnerability Disclosure (CVD)
    In line with CRA requirements, we implemented and continuously improve our coordinated vulnerability disclosure and response process:
    • A dedicated single point of contact (SPOC) for reporting vulnerabilities is provided below.
    • Received reports will be analyzed by our dedicated, cross functional Product Security Incident Response Team (PSIRT) with the appropriate urgency
    • Once a report is deemed valid, our reporting will inform all appropriate stakeholders, including the report initiator
    • Timely provision of security updates and mitigation guidance will be provided
  • Transparency and Customer Support
    We will support our customers’ compliance efforts by providing relevant cybersecurity information, including:
    • Guidance on secure product deployment, configuration and operation
    • Product-specific security capabilities where applicable
    • Information on security updates, support periods and advisories

CRA and MR are supported by evolving standards and guidance. We actively monitor these developments and engage with industry groups and standardization bodies as well as 3rd party auditors to ensure alignment. We will continue to adapt our products and processes and remain committed to delivering secure and compliant solutions.

 

Additional Industry Implications and Thoughts from Kollmorgen AMS

Interview with Kollmorgen AMS Product Security Officer

Security Vulnerability and Incident Reporting

Single Point of Contact for Cybersecurity

Use this form for reporting suspected cybersecurity vulnerabilities only. It is not monitored for technical support, sales inquiries, documentation requests, product security questionnaires, or general questions. Reports should include sufficient technical detail to allow investigation by Kollmorgen's Product Security Incident Response Team (PSIRT).

Privacy Statement - By sending us your contact details you agree that your personal data/user behavior can be electronically stored and processed.
CAPTCHA