Published: December 1, 2025
Last modified: December 5, 2025
Two webinars to help embedded developers prepare for 2026
The Cyber Resilience Act (CRA) is one of the biggest regulatory changes the European tech industry has faced in years. Its goal is simple: improve the security of connected products throughout their entire life cycle. But the practical implications for embedded systems, Linux based devices and vendors of all sizes are far from simple.
To help teams navigate what is coming, we are hosting two online sessions in December. They are open to everyone who wants to understand the CRA, from developers and architects to engineering managers and product teams.
Webinar 1 : Introduction to the Cyber Resilience Act for Embedded Developers
December 15 at 15:00 CET
Free and open to all
Registration: open now (use the form below)
This first webinar explains the fundamentals in simple terms, with a practical focus on embedded and Linux based products. We will answer questions like:
- What is a manufacturer according to the CRA?
- How long do you need to provide security support (and what is the support period, how we define it)?
- How are products classified? What are the requirements for existing and new products under the CRA?
- What about open source?
This session is ideal if you are new to the CRA, or if you want a clean, structured overview before diving deeper.
It is up-to-date and includes information from official definitions of important/critical products, and the interpretations and clarifications from the Commission FAQ on the CRA.
We are planning for 45 minutes of presentation and 15 minutes questions.
To register, fill the form below. You will receive the conference link 24h before the event.
Webinar 2: The Current State of the CRA for embedded developers
December 17 at 15:00 CET
Limited seats, complimentary for Embedded Security alumni, 50 EUR for external participants.
Registration: Register and Pay with our payment partner Stripe
Standardization work around the CRA has progressed rapidly in the last months, with several public reviews recently completed. This session offers a clear and up to date overview of where we are now, what has changed, and what still needs clarification.
You will learn:
- What the latest drafts say about obligations for manufacturers and suppliers?
- What is the “presumption of conformity”?
- Which documents you will need to prepare?
- How product classification is evolving?
- What is expected for vulnerability management, SBOMs and secure update processes?
- What remains open, and what you should monitor in 2026?
This webinar condenses dozens of hours of reading so that you can focus on what matters for your products and your organization.
We are planning for 90 minutes total, with one hour of a presentation and a question session afterwards.
The funds we collect as the registration fee for this webinar will be exclusively used to fund work improving embedded open source security.
Who is this for?
- Embedded developers
- Linux system engineers
- IoT product teams
- Engineering managers
- Anyone curious about the CRA and its impact
If you build or maintain connected products, these webinars will help you prepare with accurate, practical information.
Note: This is not legal advice, we cover our current technical understanding only. Search for professional legal advice if your products are affected by the CRA.
See also: The CRA obligations (blog post), LWN article on Marta’s talks at Linaro Connect 2025 and The European Cyber Resilience Act (article from 2023).
