The Cyber Resilience Act (CRA), which becomes mandatory from December 2027, the Radio Equipment Directive (RED), which already applies, the NIS2 Directive and the new Product Liability Act present manufacturers of embedded systems with new challenges and create a considerable additional burden for development and quality management departments within companies.
Although many of the underlying standards – in particular IEC 62443 and other industry-specific standards – are well established, they are only now acquiring regulatory relevance for numerous embedded Linux-based products.
Comprehensive Cybersecurity Services for Embedded Linux

emlix has been supporting companies in the development of secure embedded Linux systems for more than 25 years. For over 15 years, we have been successfully guiding customers through the implementation of security-by-design concepts, regulatory compliance and long-term security lifecycle management.
Specifically, in this context we offer the following services to support you in implementing the required cybersecurity:
■ Risk analysis workshops: It is not only the CRA that requires a risk analysis to be the root of every security concept and all measures. Done well, it significantly reduces the effort needed for implementation – as well as the lifecycle costs of the product. Our services range from compact one-day workshops through to complete risk analyses for new developments and legacy products.
■ Security engineering / security-by-design concepts for embedded Linux systems: Our security engineers and Linux experts support the entire development process, beginning with the cybersecurity concept. We are also happy to plan measures across the entire software stack with you.
■ Embedded Linux security, implementation, testing and documentation: With the accumulated know how of around 50 kernel, embedded Linux and security experts, we support our customers in implementing the required measures in an optimal, sustainable and also cost-efficient way.
■ Automated testing (also) of the security measures: Critical properties are tested in an automated and reproducible way, both during development and during later security update management.
■ Trustable build toolchain for reproducible builds: To ensure traceability and reliable version management, a build toolchain is required that enables reproducible builds – ideally even after several years. This also follows, among other things, from the new Product Liability Act. emlix supports the setup of reproducible build processes and a trustworthy embedded Linux build toolchain that enables reproducible software states over the long term.
■ (Security) lifecycle management throughout the entire product lifecycle: Just as for cybersecurity at market launch, the CRA and the relevant standards such as IEC 62443 require, without exception, security lifecycle management throughout the entire product lifecycle. emlix offers standards-compliant services for this:
■ emlix CVE Management
■ emlix Security Update Management
■ long-term lifecycle maintenance
Plan your CRA implementation with emlix and benefit from the following advantages
■ More than 25 years of experience in embedded Linux development for regulated markets
■ Around 50 kernel, embedded Linux and security experts with excellent insight into the Linux community and the relevant developments
■ Hands-on project experience with embedded Linux-based systems subject to IEC 62443
■ Development and lifecycle management processes certified to IEC 62443-4-1
■ Established, standards-compliant services for CVE management and security update management
■ Standards-compliant build and test infrastructure
■ Comprehensive expertise in systems engineering, security engineering and, in part, safety engineering
■ End-to-end support from a single source: at emlix you can get – if you wish – the systems and security engineering services, the implementation by embedded Linux experts, the required DevOps services and the entire embedded Linux lifecycle management from a single source.
More information on CRA complianceFeel free to call us or send us an email. During our initial consultation, we’ll work with you to assess your current situation and discuss possible steps and measures. Our experts from the emlix Solutions team |