Admir Abdurahmanovic, SVP Strategy, Keyfactor
The EU Cyber Resilience Act (CRA) is reshaping how organizations design and deliver secure connected products and software. Beyond general security mandates, it sets specific requirements for identity, integrity, and trust—areas where properly implemented PKI and digital signing can offer state-of-the-art compliance solutions.
In this session, we explore how organizations can use the PKI Maturity Model (PKIMM) to assess and improve their cryptographic and signing practices to meet CRA expectations.
You’ll learn how key areas of PKI maturity—governance, trust architecture, identity lifecycle, cryptography, and operations—map directly to CRA compliance needs like secure software updates, supply chain traceability, and crypto agility.
We will walk through practical examples, including what “low maturity” versus “CRA-aligned maturity” looks like, and outline concrete steps to evolve your PKI and signing infrastructure using tools like EJBCA and SignServer as an example. Whether you are in device manufacturing, software development, or platform security, this talk will help you turn regulatory pressure into a resilience roadmap.
Explore the conference agenda
