Important: This page contains secure information about our products. Sign in to access authorized resources.
Important: This page contains secure information about our products.
View Secure InformationImportant: Authentication is required to view secure content.
reenter your passwordThe Cyber Resilience Act (CRA) is a landmark piece of legislation, ratified by the European Commission in November 2024 (Regulation (EU) 2024/2847). It will come fully into effect in December 2027. This regulation mandates that any company selling products or services with digital elements within the EU must comply with the legislation to obtain the CE mark.
These functional security requirements establish a security baseline for products and services within Europe.
These requirements ensure that companies follow security practices and procedures, including:
NXP values security and compliance highly and we are dedicated to supporting your efforts as a customer to meet your needs and regulatory requirements.
NXP commits to compliance with all applicable laws and regulations. This includes the Cyber Resilience Act (CRA) as it applies to semiconductors. NXP is actively preparing for CRA implementation. Please note that the CRA is scheduled to be enforced starting December 11, 2027, and currently several aspects of the regulation are still evolving and being clarified. NXP is closely monitoring the legislation to ensure compliance. As part of this effort, NXP will provide clear statements outlining how our product family will comply with the applicable CRA classes.
From the date when the CRA compliance applies, all NXP products sold in Europe will attain the CE Mark. NXP has experience with similar requirements in medical, automotive, and industrial domains through its secure development process, aligned with ISO and IEC industry certifications like IEC 81001-5-1, IEC 62443-4-1, and ISO 21434.
Explore how to meet CRA requirements for secure product design and life cycle.
NXP's compliance and security certifications are supported by NXP's EdgeLock® Assurance Program and validated through a broad range of security compliance certifications. Company-wide security certifications are available here.
Our processes support the key principles of the CRA, including:
The comprehensive overview of NXP's security development process and Information Security Management System (ISMS) describes the company-wide Business Creation and Management (BCaM) framework, the NXP Security Maturity Process (SMP), and the overarching Product Security Program.
Our development process is built on core security-by-design principles, validated and certified against industry standards such as ISA/EIC 62443 4-1 ML3 (Industrial Control Systems), ISO/SAE 21434 (Automotive), and IEC 81001-5-1 (Medical).
Our products undergo rigorous security testing using state-of-the-art tools during development. Some products are also tested by external partners, as detailed in our Certified EdgeLock Assurance Program.
NXP's dedicated Product Security Incident Response Team (PSIRT), working according to specified processes, addresses security vulnerabilities and incidents in a timely manner. The team provides clear guidance on the impact, severity and mitigation of reported vulnerabilities.
NXP actively participates in standardization and industry groups (such as CENELEC, ETSI, GlobalPlatform, Auto-ISAC and Matter) within Europe, contributing to the ongoing definition of the CRA. This involvement ensures that our processes, procedures and practices remain compliant and up to date.
NXP offers a broad portfolio of devices supporting your security applications, featuring robust security capabilities supported by user-friendly tools and our extensive partner ecosystem.
| Required security capability (regulations) | Supporting security functions by NXP solution1 |
|---|---|
| Product configuration |
|
| Product authentication |
|
| Access to product |
|
| Data protection |
|
| Product monitoring and cyber state awareness |
|
| Vulnerability fix and product update |
|
|
|
1 Please check NXP product datasheets/security manuals for availability of specific security functions.
|
AN14671: Ease CRA compliance with EdgeLock Discrete Portfolio Discover how the EdgeLock Discrete portfolio can support OEMs in implementing the CRA requirements |
Application Note |
Oct 13, 2025 |
|
Secure by Design: Foundational Security for Embedded Systems Explore how NXP and PHYTEC enable secure embedded systems by integrating hardware-based security, secure design principles, and lifecycle management. |
White Paper |
Jul 10, 2025 |
|
Complying with the Cyber Resilience Act (CRA) Explore how to meet CRA requirements for secure product design and life cycle. |
White Paper |
Jul 10, 2025 |
|
AN14601: Ease CRA Compliance with i.MX 93 Discover how i.MX 93 can support OEMs in implementing the CRA requirements |
Application Note |
Jun 25, 2025 |
|
AN14687: Ease CRA Compliance with MCX N Discover how MCX N can support OEMs in implementing the CRA requirements |
Application Note |
Jun 20, 2025 |
All information provided by NXP is accurate to the best of NXP's knowledge and will not operate to create or increase any NXP obligation. All information is provided “AS IS” and NXP makes no representation or warranty, express or implied, of accuracy, completeness, that products will be suitable for any specified use, or that the information, test results, analysis or assessments are reliable without further testing or modification by the customer. NXP will not be liable for any damage or loss arising from, in connection with or incident or to any information or assistance provided by NXP. Customers are responsible for the design and operation of their applications and products and are responsible to provide appropriate design and operating safeguards to minimize risks associated with their applications and products.