cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ThingWorx Navigate is now Windchill Navigate Learn More

Translate the entire conversation x

Kepware - Cyber Resilience Act ( CRA )

Go to solution
MK_9330046
4-Participant
4-Participant
‎Oct 10, 2025 09:41 AM
‎Oct 10, 2025 09:41 AM

Kepware - Cyber Resilience Act ( CRA )

Dear Kepware Team,
@bdube@ptc.com

 

I hope this message finds you well.

As part of our ongoing efforts to align with upcoming EU cybersecurity regulations, I would like to inquire whether Kepware products—specifically KEPServerEX—are expected to be subject to the requirements of the Cyber Resilience Act (CRA).

If so, could you kindly share:

  • Whether Kepware is actively working towards CRA compliance?
  • The anticipated timeline by which Kepware products will be CRA-compliant?
  • Any documentation or roadmap that outlines your approach to meeting CRA obligations?

Understanding your position on this matter will help us plan our integration and compliance strategy accordingly.

Thank you in advance for your support.

 

Best regards,

Mani

Labels:
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
pshashipreetham
18-Opal
18-Opal
(To:MK_9330046)
‎Oct 16, 2025 04:06 AM
‎Oct 16, 2025 04:06 AM

Hi,

At this time, PTC is actively reviewing the requirements of the EU Cyber Resilience Act (CRA) and evaluating how it applies across the Kepware product line, including KEPServerEX.

While no official compliance declaration or timeline has been published yet, Kepware products are developed following PTC’s secure software development lifecycle (SSDLC) standards, which already align closely with key CRA principles such as:

  • Secure-by-design and secure-by-default software practices

  • Vulnerability management and coordinated disclosure procedures

  • Regular patching and lifecycle support processes

PTC will provide additional information and documentation once CRA compliance guidance is finalized and timelines are confirmed.

For now, if your organization requires formal compliance statements or roadmap updates, it’s best to contact PTC Technical Support or your Kepware Account Manager directly. They can provide the most current status and supporting documentation under NDA if needed.

Thanks,

Shashi Preetham,
+91 8099838001 | shashi@psptechhub.com,
PSPTechHub  ||  World of PTC Thingworx  ||  LinkedIn

View solution in original post

Notify Moderator
1 REPLY 1
pshashipreetham
18-Opal
18-Opal
(To:MK_9330046)
‎Oct 16, 2025 04:06 AM
‎Oct 16, 2025 04:06 AM

Hi,

At this time, PTC is actively reviewing the requirements of the EU Cyber Resilience Act (CRA) and evaluating how it applies across the Kepware product line, including KEPServerEX.

While no official compliance declaration or timeline has been published yet, Kepware products are developed following PTC’s secure software development lifecycle (SSDLC) standards, which already align closely with key CRA principles such as:

  • Secure-by-design and secure-by-default software practices

  • Vulnerability management and coordinated disclosure procedures

  • Regular patching and lifecycle support processes

PTC will provide additional information and documentation once CRA compliance guidance is finalized and timelines are confirmed.

For now, if your organization requires formal compliance statements or roadmap updates, it’s best to contact PTC Technical Support or your Kepware Account Manager directly. They can provide the most current status and supporting documentation under NDA if needed.

Thanks,

Shashi Preetham,
+91 8099838001 | shashi@psptechhub.com,
PSPTechHub  ||  World of PTC Thingworx  ||  LinkedIn
Notify Moderator
Announcements


Contact Community Management
Top Tags