Cyber Resilience Act & EU Product Liability in Practice

New cybersecurity requirements for software, AI, and connected digital devices in the EU starting in 2026

training

Favorite Share Open as PDF (German) PDF FILE

This training is held in German.

The Cyber Resilience Act (CRA), NIS 2, and the new EU product liability rules for software and high-risk AI systems pose significant legal and practical challenges for companies in terms of cybersecurity. The CRA's scope of application to products is very broad. In addition, manufacturers will be responsible for open-source components in the future. Strict reporting requirements for certain cybersecurity incidents will apply from fall 2026, and from December 2027, the distribution of software or networked devices will only be permitted with a CE mark as a seal of cybersecurity. The training a compact, practical, and in-depth introduction to these requirements. The focus is on products from companies that develop, distribute, or import software, apps, or AI, as well as hardware and other devices with any digital components. The scope of application is very broad. It covers current EU information (notification bodies, harmonized standards) and key CRA content such as security by design, conformity procedures, product classes, security requirements, reporting obligations and response times, software bill of materials (SBOM), and technical information obligations. In addition, the interaction between CRA, product safety, and EU product liability and defect liability is discussed. The training participants to understand CRA and the scope of liability, apply it to their own practical cases, and integrate new obligations into existing processes. Example cases and questions from practice will be discussed together.

Basics

Introduction to the objectives of CRA, NIS 2, and the EU Product Liability Directive to better understand the framework conditions and background, such as digital sovereignty in the EU.
Scope of the CRA as distinct from NIS 2 and the AI Act.
Classification of software and products with digital elements into risk classes according to the Cyber Resilience Act (CRA) and the associated obligations.
Responsible actors.
Persons responsible within the company for implementing the CRA in practice.

Software Bill of Materials (SBOM)

Contents, format, and provision of software bill of materials (SBOM).
Solution approaches and standards such as the BSI guidelines for ensuring transparency and increasing security in the software supply chain (Software Supply Chain Security).

Security requirements and cybersecurity measures for software and products with digital elements in the CRA

Content of cybersecurity strategies from development to market launch and in the supply chain, OSS compliance.
Security by design, update obligations throughout the entire product life cycle of software.
The need for continuous safety management.
Ensuring the cybersecurity of digital components, IoT products, and functional safety through security by design and strict reporting requirements.
What do the five-year update obligations mean for product cybersecurity in practice?

Conformity assessment procedures and CE marking

Conformity assessment procedures.
Practical implementation of the CE marking requirement for products.

Scope of CRA liability for products with open source software code, including license management and liability exclusions

Approaches to the secure use of open-source software in products in the supply chain.
Responsibilities, exceptions, legal and contractual liability.

Reporting obligations in the event of security incidents

Overview of reporting requirements and response times for security incidents to prevent sanctions.

Implementation deadlines, legal consequences of violations

Deadlines for implementing the new requirements and affixing the CE marking.
Sanctions, fines, and other consequences for violations of the new rules.
Ways out and exceptions.

EU product liability for software

Explanation of strict EU product liability for software, digital technologies, and artificial intelligence.
Changes resulting from the planned EU Product Liability Directive in the case of defective software and distinction from liability for defects.
Scope of the new regulations.
Responsible parties and scope of liability.
Solutions for reducing liability.
Product liability for high-risk AI systems under the AI Regulation and the CRA.

Learning environment

In your online learning environment, you will find useful information, downloads and extra services for this training course once you have registered.

Your benefit

Practical application: Understanding EU requirements and applying CRA to your own products in practice.
Always up to date with the latest EU regulations on CRAs.
Exchange with other companies and attendees specific implementation and application issues.
Valuable new approaches for implementation through discussions.
Apply EU legal requirements, understand legal uncertainties, learn to deal with them, and learn to tolerate them.
Checklists and recommendations for action.

trainer

Vilma Niclas

Methods

Interactive lecture with presentation, discussion, exchange of experiences and networking attendees , exercises and application of what has been learned in small groups, potential solutions, suggestions, examples, discussion of individual practical questions.

Recommended for

Managing directors, executives,experts, developers, programmers,employees, in-house lawyers of providers or manufacturers of software, IoT products, hardware, and other technologies who are preparing for the new EU security requirements of CRA, NIS 2, and EU product liability and want to minimize risks and liability.

Open Badges - Show what you can do digitally too.

Open Badges are recognized, digital certificates of participation. These verifiable credentials are the current standard for integration in career networks such as LinkedIn.

With them, you digitally demonstrate the competences you possess. After successful completion, you will receive an Open Badge from us.

On-site training together

Booking number
41195

€ 920,- plus VAT

Details

1 day

in Frankfurt a. M.

on 16.03.2026

German

In-person trainings

Joint online training

Booking number
41197

€ 920,- plus VAT

Details

1 day

Online

on November 24, 2026

German

Live online events

Train several employees internally

Pricing upon request

Customized training courses according to your needs
Directly at your premises or online
Cost advantage from 5 participants
We contact you within 24 hours (Mon-Fri)

1 day

In-person or Online

Request

Ratings and feedback from our participants

3.9

6 Ratings

training content:

3.4

Content comprehensibility:

3.7

Practical relevance:

4.3

Trainer expertise:

3.9

Participant orientation:

4.3

Method variety:

3.7

Start dates and details

All

In-person

Online

Date

Select time period

Location

Zip

0 events

show only bookable events

16.03.2026

Frankfurt a. M.

Details

Booking number: 41195

€ 920,- plus VAT.

€ 1,094.80 incl. VAT.

Venue

Novotel Frankfurt City

Lise-Meitner-Straße 2, 60486 Frankfurt a. M.

Room rate: € 106,81 plus VAT.

Arrival via Deutsche Bahn

Travel at reduced rates by booking via the learning environment.

Days & Times

1 day

Monday, 16.03.2026

09:00 am - 5:00 pm

Fee includes

The participation fee includes

one joint lunch per full seminar day,
Catering during breaks and
extensive working documents.

Participants will be charged directly by the hotel for their hotel accommodation. You will find a reservation form for hotel bookings in your learning environment.

24.11.2026

Live-Online

Details

Booking number: 41197

€ 920,- plus VAT.

€ 1,094.80 incl. VAT.

Course

zoom

Technical notes

We use various software to conduct our online events.

To the system check

Days & Times

1 day

Tuesday, 24.11.2026

09:00 am - 5:00 pm

Sufficient places are still free.

Don't wait too long to book.

Fully booked.

The next booking ensures this course will take place

Booking number: 41195

€ 920,- plus VAT.

€ 1,094.80 incl. VAT.

Details

1 day

Fee includes

The participation fee includes

one joint lunch per full seminar day,
Catering during breaks and
extensive working documents.

Participants will be charged directly by the hotel for their hotel accommodation. You will find a reservation form for hotel bookings in your learning environment.

Booking number: 41197

€ 920,- plus VAT.

€ 1,094.80 incl. VAT.

Details

1 day

Book later

You are welcome to make a non-binding advance reservation.

Book in advance

No suitable date?

You are welcome to be notified by e-mail as soon as new dates are released.

e-mail notification

Please note: We use third-party tools for selected events. Personal data of the participant will be passed on to them for the implementation of the training offer. You can find more information in our privacy policy.

About us - The Haufe Akademie

Your optimizer, innovator and companion since 1978 -
Your professional partner for professional development and seminars, training courses and topical conferences.

Whether on site, live online or in-house - our customised solutions, our claim to the highest level of consulting expertise and training tailored to your needs simplify the acquisition of skills for the working world of the future and sustainably facilitate professional development.

A wide range of seminars, individual coaching and our flexible formats support HR managers and decision-makers in shaping the future and developing employees, in-house teams and companies.

Experience the benefits of online training from the comfort of your own home. Our online formats meet the highest quality standards and are in no way inferior to face-to-face events in terms of practical relevance. Learn together live online in interactive groups or digitally at a time of your choice.

3,500+ further training

620,000+ apprentices per year

Over 95% positive reviews

2,600+ trainers and coaches

18,000+ training courses held per year

Call us or send an email