About
Prepare for the EU Cyber Resilience Act (CRA) with this expert-led course delivered by Evidente in collaboration with Nohau. This training guides you through the transition from voluntary standards to mandatory legal obligations required for the EU market by September 2026 (reporting) and December 2027 (full obligations). What You Will Learn • Regulatory Context: Key differences and overlaps between CRA, NIS2 and RED. • Core Obligations: Essential requirements for "Products with Digital Elements", including "Secure by Default" principles and vulnerability handling. • Standards: Critical standards such as IEC 62443, ETSI EN 303 645, and EN 18031. • Implementation: Practical safeguards including Risk Assessments, Threat Modelling (STRIDE), and Software Bills of Materials (SBOMs). Course Curriculum • Module 1: Introduction to the EU regulatory context, cybersecurity principles, and critical timelines. • Module 2: Defining scope, Annex I security requirements, and understanding penalties / fines. • Module 3: Overview of compliance standards (synergies with RED Delegated Act, IEC 62443) and conformity strategies. • Module 4: Practical execution including risk assessment, supply chain security, frequently asked questions and a path forward. Who Should Attend Product manufacturers, systems engineers, compliance officers, and management teams targeting the EU market. About the Instructor Marvin Damschen, Ph.D. Marvin Damschen is a Technical Management Consultant at Evidente Sweden AB, specializing in cybersecurity and functional safety for complex systems. Formerly a Research Lead at RISE, he utilizes his background in software-intensive systems to guide organizations through regulatory frameworks such as CRA and NIS 2. Training 10+ people? Get volume pricing on our 2-hour CRA Selfpaced course. Contact Nohau at: academy@nohau.se