EU Cyber Resilience Act (CRA) Compliance Statement

Brainboxes is actively monitoring and preparing for the requirements of the EU Cyber Resilience Act (Regulation 2024/2847), which applies to manufacturers of products with digital elements. The Act entered into force in December 2024 and is being implemented in phases:

11 September 2026 — vulnerability reporting obligations take effect.
11 December 2027 — the remaining requirements apply.

Scope and Brainboxes Products

We recognise that many of our customers are undertaking their own CRA readiness activities, including supply chain risk assessments, and may need to understand how their component suppliers are preparing.

Brainboxes products with digital elements, including our industrial IO range, fall within scope of the CRA. Our teams are working to meet the requirements of each phase ahead of the applicable deadlines.

Ongoing Updates

We are committed to keeping our customers informed as this work progresses, and plan to share updates at key milestones.

Contact

Customers with specific queries about the EU Cyber Resilience Act and Brainboxes' compliance activities are welcome to contact us at [email protected].

For broader regulatory information, see our Regulatory Compliance reference.

Scope and Brainboxes Products​

Ongoing Updates​

Contact​

Scope and Brainboxes Products

Ongoing Updates

Contact