3. Jun 2025
Cyber Resilience Act (CRA) – What Swiss manufacturers should know now
From 1 January 2027 the Cyber Resilience Act (CRA) will set new standards for digitally connected products and systems. Because many customers, partners and auditors already demand these requirements today, now is the right time to have your Robotec system checked: pragmatically and cost-effectively with the Robotec CRA Check.
The issue is more topical than many think. Because the Cyber Resilience Act will come fully into force from the start of 2027 – and already today many customers, partners and auditors require the latest security standards in the supply chain.
Since assessing and securing existing systems takes time, manufacturers should act now to reduce risks at an early stage and be prepared for future requirements. Sven Schmid, Head of Services at Robotec answers the most important questions in the following interview.
Why does the Cyber Resilience Act (CRA) also affect Swiss companies?
Sven Schmid: The CRA is an EU regulation for the cybersecurity of connected products. Even though Swiss companies are not directly subject to the EU, the rule is: anyone who supplies machines, components or products to the EU — or is part of an EU supply chain — must meet the requirements. In addition, many customers and partners will require the new standards in the future. Cybersecurity thus becomes a competitive factor.
The key questions are: Can we afford a production outage? And if so, for how long?
Where is the greatest risk in production?
Sven Schmid: In many companies, production equipment is the weakest link. Older machines in particular are often insufficiently protected — sometimes connected to the corporate network or even the internet without anyone knowing. At the same time, connectivity is increasing through Industry 4.0, remote maintenance and data exchange. The key questions are: Can we afford a production outage or the security risk? And if so, for how long?
What does this mean concretely for companies with robot-based automation?
Sven Schmid: All manufacturing companies with connected systems should review their setups. The goal is not maximum complexity but risk reduction and operational safety. Even simple measures can significantly reduce downtime or security risk.
Many customers and partners will require the new standards in the future. Cybersecurity thus becomes a competitive factor.
Your conclusion?
Sven Schmid: Cybersecurity in production is not an IT issue but an availability issue. Those who act early protect not only data but above all their ability to deliver. Our focus is on practical solutions that increase production availability and sustainably reduce security risks.
What first steps do you recommend?
Sven Schmid: We recommend the Robotec CRA Check to all our customers, a pragmatic, structured review of existing systems. The check includes an analysis and evaluation of the current state. From this we derive guidelines and recommended measures — depending on the threat situation and risks.
* * *
Request your CRA Check now
Take this opportunity now to bring your systems up to the required security standard in time. We look forward to your inquiry.
