The EU CRA Program Implementation in Nokia (R20b)
The EU Cyber Resilience Act (CRA) impacts Nokia by requiring compliance with stringent cybersecurity standards for products with digital elements sold in the EU. Nokia’s CRA program focuses on aligning product security processes, supply chain management, and legal frameworks to meet these requirements. Nokia’s approach to regulatory compliance is structured around the Regulatory Compliance Management Framework, which provides a systematic, step-wise process to address security-related regulations across countries and regions. The framework is designed to adapt to varying regulatory requirements, enforcement mechanisms, and areas of focus (e.g., product security, service security, etc.). The Nokia EU CRA Program is structured into multiple projects and initiatives to ensure compliance with the EU Cyber Resilience Act (CRA). These projects focus on analyzing, planning, and implementing necessary changes across Nokia’s processes, tools, and governance structures. The presentation will share our approach to address this complex regulation.
