Skip to main content

Training

Cyber Resilience Act (CRA) for manufacturers of machinery and equipment

In our one-day training, you will gain in-depth knowledge on how to implement the new EU cybersecurity requirements for products.

Register now

In this seminar, held jointly by experts from Limes Security and IBF Solutions, you will learn in a practical way what obligations the Cyber Resilience Act (CRA) entails for manufacturers of machines, systems, and electrical devices, and how you can fulfill these obligations efficiently and in a legally compliant manner. Our experts will provide you with all the relevant information in a compact format—from regulatory CE requirements to technical IT security measures.

Among other things, you will learn which products are affected by the CRA, how to perform a security risk analysis, how to integrate “security by design” into your development processes, how to establish effective vulnerability management, and which documentation requirements you must observe. This will ensure that you are optimally prepared to implement the new legal requirements in a targeted manner in practice and bring the cybersecurity of your products up to the required state of the art.

Organizational & Training dates

Duration: 08:30 AM – 4 PM (1 Day)
Costs: € 940,- net
(Volume discount for 3 or more participants from the same company)
Language: German

February 4th, 2026 | Hagenberg – Austria
April 16th, 2026 | Online
June 18th, 2026 | Stuttgart – Germany
October 15th, 2025Online
Register now

What you can expect from this training

What does the CRA mean for manufacturers?

Cyber Resilience Act & CE-labeling

Find out which products are affected, how conformity assessment works, and which exceptions apply. We clarify key terms such as placing on the market and putting into service, highlight transition periods, and explain how CE marking and other EU directives (RED, Machinery Directive) interact. Special cases such as customized machines or self-built machines are also covered.
How can security be implemented systematically?

Security risk analysis & secure development

From threat analyses and IEC 62443 to secure coding: learn how to identify and assess risks and minimize them with organizational and technical measures. Practical exercises and examples show you how to implement security requirements in software development and machine control—including secure architecture, testing, and development processes.
What exactly is the CRA demanding?

Obligations, vulnerability management, and documentation

Understand the requirements for vulnerability management, software bills of materials (SBOM), and security updates. We show you how to implement the technical requirements from Annex I, design secure remote maintenance, and fulfill formal obligations such as declarations of conformity and technical documentation. The focus is on practical implementation and a clear distribution of roles within the company.

Our customers in the areas of products, solutions, and machinery

Logo Siemens Gamesa
Commend
Logo Ginzinger
Logo Westermo
LineMetrics
Logo IFE
Logo Copadata
Logo FESTO

Are you looking for customized training for your team?

We offer customized in-house training for organizations! Ensure your team is equipped with the latest IT/OT security knowledge and industry standards by enrolling them in a customized version of this training. Our experts work closely with your company to address specific needs and challenges and ensure practical, targeted instruction.

Your speakers

Florian Gerstmayer

Head of Product & Solution Security | Limes Security GmbH

Florian Gerstmayer supports manufacturers and integrators in implementing IEC 62443 standards. After studying Embedded Systems Engineering and Innovation & Technology Management at the University of Applied Sciences Technikum Wien, he worked as a security engineer, software engineer, and technical project manager. With many years of experience in secure development processes and products, he is an expert in securing embedded systems.

Peter Panholzer

Managing Director | Limes Security GmbH

Peter Panholzer is the founder and managing director of Limes Security GmbH. For several years, he was a security consultant at Siemens CERT in Munich, focusing on security analysis of industrial products and research and development in the field of secure product development processes. Previously, he was an excellent (OT) penetration tester in this field, but today he concentrates on attack strategies, risk assessments, and architectures.

Wolfgang Reich

Specialist in CE marking and Safexpert | IBF Solutions

Wolfgang Reich has extensive training and more than 20 years of experience in CE marking, machine safety, machine conversion, electrical engineering, and explosion protection. He spent 10 of those years working for TÜV Austria and Intertek Deutschland GmbH, where he developed comprehensive skills in risk analysis and the creation of technical documentation and electrical systems.

Hendrik Stupin

Specialist in CE marking and Safexpert | IBF Solutions

Hendrik Stupin is a tekom-certified technical editor and certified CE coordinator with more than 11 years of experience in mechanical and plant engineering, particularly with engineered-to-order products. He was responsible for technical documentation, operating and assembly instructions, as well as the conformity assessment process and risk assessments in accordance with EN ISO 12100. He also gained experience in cybersecurity and OT security in the pharmaceutical industry.

Register now

We will review your registration immediately and send you our offer for confirmation of participation in our training course as soon as possible!

    Select Training Date*

    Personal Data

    Invoice address

    How we support you in implementing the CRA!

    Provision of guidance and interpretations on normative and regulatory requirements
    Regular check-ins to have an external sparring partner for discussing plans, implementations, and open questions to ensure that the project does not get stuck
    Review of internally created documents
    Support in the creation of concrete security concepts for products
    Joint implementation of security processes for learning on the job, such as workshops on threat modeling or security testing for your product!
    Creation of documents and provision of templates

    Frequently asked questions

    Who is this training suitable for?

    CE managers in mechanical and plant engineering companies (e.g., CE coordinators, CE officers, compliance managers) who need to integrate the new cybersecurity requirements into their processes.

    Design engineers, development engineers, and software developers who develop networked machines or devices and want to implement the CRA requirements in practice.

    Product managers and project managers of technical products who are responsible for compliance with IT security requirements in the development process.

    Technical managers and safety officers in mechanical engineering who want to gain an overview of the new obligations and the secure development process.

    What prior knowledge is required?

    No special prior knowledge is required, but basic knowledge of IT and OT security is advantageous.

    Will I receive a certificate after the training?

    Yes, all participants will receive a certificate confirming their participation and the knowledge they have acquired.