
CRA Explained: What the Cyber Resilience Act Means for Device Manufacturers
From Nerding Out With Viktor by Viktor Petersson
December 17, 2025 · 1h 6m · Season 2 · Episode 21
About this episode
Viktor Petersson and Sarah Fluchs discuss the implications of the EU's Cyber Resilience Act for device manufacturers and the challenges of compliance.
In this episode of "Nerding Out with Viktor," host Viktor Petersson sits down with Sarah Fluchs, CTO and OT cybersecurity expert, to unpack the EU's Cyber Resilience Act and what it means for anyone building connected devices. Sarah shares her journey from engineering into the world of OT security, and explains her involvement in the CRA expert group that's shaping how the regulation gets implemented. Together, they explore what CRA compliance looks like in practice—from the requirement to provide five years of vulnerability support, to the constraints around over-the-air updates, and the rising importance of Software Bills of Materials (SBOMs) in embedded systems. The conversation dives into the practical challenges facing device manufacturers, including how to structure security workflows, manage firmware lifecycles, and prepare for regulatory scrutiny. Sarah offers clear, grounded insights into the timeline, scope, and enforcement mechanisms of the CRA, helping listeners understand what's required and what's still being defined. Viktor and Sarah also discuss the broader implications of the CRA for the embedded and IoT ecosystem, exploring how the regulation intersects with…
People in this episode
Host: Viktor Petersson
Guest: Sarah Fluchs
Topics covered
- Cyber Resilience Act
- device manufacturers
- OT security
- vulnerability support
- Software Bills of Materials
- regulatory compliance
Keywords
- Cyber Resilience Act
- device manufacturers
- OT security
- vulnerability support
- Software Bills of Materials
- firmware lifecycles
- regulatory scrutiny
Mentioned in this episode
Organizations: EU, CRA expert group, IoT
More episodes of Nerding Out With Viktor
- Post-Quantum Cryptography: The Trust Crisis Coming for Every System with David Pollak · May 27, 2026 · 1h 24m
- Rethinking Container Security: Why Isolation Was Never Built In (with Alex Zenla) · April 30, 2026 · 1h 19m
- SBOMs & CRA Compliance with Olle Johansson and Anthony Harrison · March 24, 2026 · 1h 21m
- Biohacking Resilience: Engineering the Human System with Marcelo Garcia · February 11, 2026 · 1h 12m
- UK Online Safety Act: Digital ID and the Risks of a Database State · November 19, 2025 · 1h 6m
- Rethinking Software Security Compliance in the Age of AI with Nick Selby · November 5, 2025 · 57 min
Explore listener stats, chart rankings, contacts and more on the Nerding Out With Viktor podcast page.