CRA Insights

One Product, Two Worlds: Will the EU’s Cyber Resilience Act Trigger a US Ban? For global tech manufacturers, the “Holy Grail” is a single product design that can be sold everywhere. But a regulatory storm is brewing that might make that impossible. On one side of the Atlantic, the EU’s...

The Router Revolution: Why the FCC Ban is a Global Game Changer By Erel Rosenberg, Clea Rozenblum and SeongEun Kim i46 s.r.o. – For years, the conversation around router security was about “bugs”—software vulnerabilities that a quick firmware update could fix. But as of March 2026, the game has changed....

Why Risk Assessment Falls Short in Cybersecurity While new regulations like the Cyber Resilience Act (CRA) and the AI Act make risk assessment a legal requirement, they often put manufacturers in a difficult spot. The problem is that many security risks come from things a manufacturer can’t control, like the...

Understanding the Notepad++ Updater Hijack The Notepad++ Updater Hijack refers to a security vulnerability, specifically a DLL Hijacking attack, that was discovered and exploited in the update mechanism of the popular text editor, Notepad++. This vulnerability allowed an attacker to execute malicious code on a user’s system by manipulating the...

DISK46: A Secure, LUKS-Preinstalled Linux Distribution for Raspberry Pi Risk Assessment I. Product Identification DISK46 represents a specialized Linux distribution image, meticulously crafted with a preinstalled LUKS (Linux Unified Key Setup) encryption layer. This design choice prioritizes robust data security from the moment of deployment.   1. Target Hardware and...

Securing the Edge: Disk Encryption Challenges Under the EU CRA The European Union’s Cyber Resilience Act (CRA) is redefining security mandates for all products with digital elements. For IoT device manufacturers, compliance begins with securing the data itself. Two specific requirements detailed in Annex I of the CRA directly address...