The European Cyber Resilience Act and its Automotive Impact
The European Cyber Resilience Act (CRA) is set to reshape how automotive companies in Gipuzkoa, Spain, approach product security. A recent forum in Donostia, organized by industrial cybersecurity centers Ziur and Mubil, gathered approximately fifty mobility sector companies to analyze the regulation’s implications. The event, titled “CRA Law in Automotive: From Regulatory Requirement to Competitive Advantage,” focused on how the CRA will affect processes, products, market access, and after-sales service for connected vehicles and components.
Adaptation as a Competitive Necessity
Provincial Deputy for Economic Promotion and Strategic Projects of Gipuzkoa emphasized that major industry challenges like cybersecurity can no longer be tackled in isolation. Local initiatives like Ziur and Mubil are collaborating to provide joint responses that directly impact the competitiveness of regional companies. Ziur’s director, María Penilla, framed the new regulatory framework as an opportunity to strengthen preparedness, differentiate in the market, and improve incident response. The CRA forces companies to integrate security from the design stage, turning a compliance requirement into a competitive differentiator.
CRA Acceleration Program Gains Traction
The forum also unveiled initial results of Gipuzkoa’s CRA Acceleration Program, backed by a three million euro budget from the Provincial Council and promoted by Ziur. The program helps companies evaluate their connected industrial products and services throughout the adaptation cycle. In its first eight months, 25 percent of planned evaluations have been initiated, with a target of up to 70 per year. Attendees heard case studies demonstrating how the regulation practically impacts businesses, from OEMs to tier 1 suppliers. For the automotive cybersecurity community, this signals that proactive CRA compliance is becoming a market requirement, not just a legal obligation.
Source: Diario Euskadi

