Kepware - Cyber Resilience Act ( CRA )

Question

Dear Kepware Team,@bdube@ptc.com I hope this message finds you well.As part of our ongoing efforts to align with upcoming EU cybersecurity regulations, I would like to inquire whether Kepware products—specifically KEPServerEX—are expected to be subject to the requirements of the Cyber Resilience Act (CRA).If so, could you kindly share:Whether Kepware is actively working towards CRA compliance?The anticipated timeline by which Kepware products will be CRA-compliant?Any documentation or roadmap that outlines your approach to meeting CRA obligations?Understanding your position on this matter will help us plan our integration and compliance strategy accordingly.Thank you in advance for your support. Best regards,Mani

pshashipreetham · Accepted Answer

Hi,At this time, PTC is actively reviewing the requirements of the EU Cyber Resilience Act (CRA) and evaluating how it applies across the Kepware product line, including KEPServerEX.While no official compliance declaration or timeline has been published yet, Kepware products are developed following PTC’s secure software development lifecycle (SSDLC) standards, which already align closely with key CRA principles such as:Secure-by-design and secure-by-default software practicesVulnerability management and coordinated disclosure proceduresRegular patching and lifecycle support processesPTC will provide additional information and documentation once CRA compliance guidance is finalized and timelines are confirmed.For now, if your organization requires formal compliance statements or roadmap updates, it’s best to contact PTC Technical Support or your Kepware Account Manager directly. They can provide the most current status and supporting documentation under NDA if needed.Thanks,

Sign up

Please use your PTC eSupport account.

Welcome to the PTC Community

Please use your PTC eSupport account.

Scanning file for viruses.

This file cannot be downloaded