Linkedin

CRA Ready
LEROY Automation: towards integrated cyber-resilience

With the enforcement of the Cyber Resilience Act (CRA) in Europe, cybersecurity has become a mandatory requirement for all digital products, including industrial and embedded systems.

At LEROY Automation, we anticipate these demands by integrating cyber-resilience from the design stage into our BRIO, ACS27, LT, and DTD product lines.

We are proudly CRA Ready, ensuring that our solutions comply with regulatory obligations throughout their entire lifecycle.

Our certificate
CRA Ready LEROY Automation

What is the Cyber Resilience Act?

Regulation (EU) 2024/2847, known as the Cyber Resilience Act (CRA), establishes security requirements for products with digital elements — hardware, software, or combined.

A few key points:

  • Security by design and defense in depth

  • Risk analysis and reduction of the attack surface

  • Lifecycle management: security updates, patches, technical documentation

  • Transparency regarding the software components used

  • Mandatory vulnerability disclosure

  • Mandatory continuous monitoring of both new and legacy products in operation

Cybersecurity Management at LEROY Automation:

IEC 62443 Certification:
LEROY Automation has obtained IEC 62443-4-1 certification, ensuring secure development processes for both hardware and software. l

Secure design:
Our products are designed from the outset to minimize the attack surface and include security mechanisms (cryptography, hardening, etc.).

Vulnerability management:
Internal processes for monitoring, correcting, and reporting vulnerabilities, in line with CRA requirements.

Transparency:
Comprehensive technical documentation and full traceability of embedded software components.

Maintenance and updates:
A long-term support strategy with security updates provided throughout the entire product lifecycle.

IEC 62443-4-2 SLC-2 as a design target for all our products

Our “CRA Ready” products

Remote I O Modules (RIO)​
BRIO
Railway I/O modules
+
Vehicle Control Units (VCU)​
ACS
Electrical substation automation
+
Vehicle Control Units (VCU)​ (2)
LT
Modular PLC
+
Cybersecurity Datadiodes​
DTD
DataDiode
+

Cyber-Resilience Services and Support

At LEROY Automation, being “CRA Ready” goes beyond products: it is a comprehensive approach encompassing engineering, training, support, and continuous technological evolution.

Secure Engineering
Our teams integrate security principles from the earliest design stages: security-by-design, defense in depth, segmentation, component hardening, and threat analysis.

Training
Awareness and training for our developers, integrators, and partners not only on CRA requirements but also on best practices in Cyber Threat Analysis and secure cyber-design to ensure resilient and secure development.

Monitoring & Maintenance
Implementation of a comprehensive maintenance plan including security updates, vulnerability management, and daily monitoring of published vulnerabilities. Our notification and handling processes comply with regulatory requirements.

Technical Documentation
Provision of all documents required for CRA compliance: risk analysis, detailed architecture, test reports, patch management strategy, and more.

Design Audit and Co-Design
Conducting design audits, supporting secure co-design, and providing technological building blocks to facilitate the integration of cybersecurity into client systems.

Technological Watch and Post-Quantum Preparation
Continuous monitoring of technological developments, anticipating future requirements, and preparing for post-quantum cryptography (PQC) to ensure the longevity of system architectures.

Benefits for Our Clients

Regulatory Compliance
By choosing our CRA Ready products, you anticipate European cybersecurity obligations while simplifying your compliance processes.

Enhanced Security
Our solutions are built on hardened components, secure architectures, and hardware-based cryptography mechanisms. They follow ANSSI recommendations to ensure robustness and resilience for over 20 years.

Reliability and Durability
A product designed with security from the start enjoys longer operational life, reduced maintenance needs, and simplified management in demanding industrial environments.

Peace of Mind and Transparency
We provide full visibility on components, updates, and support. Our products benefit from an Operational Maintenance (MCO) process compliant with cybersecurity standards over time, ensuring service continuity and lifecycle control.

Easy Integration into Industrial Architectures
Thanks to IEC 62443 compliance and SLC-2 compatibility, our solutions integrate seamlessly into existing infrastructures, enhancing overall security without complicating deployment.

Conclusion

LEROY Automation is fully committed to proactive cyber-resilience. Our BRIO, ACS27, LT, and DTD products are designed to fully meet the requirements of the Cyber Resilience Act, while providing strong guarantees in security, compliance, and operational reliability.

Beyond mere regulatory compliance, our solutions are built to last, thanks to robust engineering, secure architectures, and anticipation of technological developments — including preparation for future cybersecurity standards and post-quantum cryptography.

By choosing LEROY Automation, you are opting for secure, sustainable automation that is ready for future regulatory requirements, with products that exceed obligations and ensure a high level of long-term trust.