Resources

Access all training videos, session materials, and resources to boost your skills.”

Welcome to the OSCRAT training resourses!

What will you find here? All about our training sessions!

OSCRAT is developing a set of modular capabilities aimed at the compliance pain-points that SMEs consistently struggle with, and our sessions  was designed to prepare organisations for those capabilities.

Explore the content of the Training sessions👇

Training session 1: Setting the context - what CRA changes, and why it matters

The first session established a baseline: the CRA is not simply another “security best practice” document. It introduces horizontal cybersecurity requirements for products with digital elements, anchored in the reality that software and connectivity have turned product security into a market-wide and supply-chain-wide risk.

Key themes included:

  • The CRA’s structure (including why the annexes matter as the practical backbone of compliance)
  • The enforcement and compliance architecture around conformity assessment
  • How CRA aligns with a wider EU resilience framework, where different instruments target different layers (products vs organisations vs sectoral resilience)
Watch the video

Download the training materials

Coming soon…

Training session 2: Scope, accountability, and the compliance obligations that will “stick”

The second session moved into the core operational questions SMEs tend to ask first:

  • “Are we in scope?”
  • “Which of our products are affected?”
  • “Who is responsible – and for what – across the supply chain?”


Participants explored how the CRA applies to products with digital elements, including hardware, software, and the remote data processing elements (for example, supporting cloud components) that are necessary for a product to function.

Watch the video

Download the training materials

Coming soon…

Training Session 3: Standards and conformity assessment - how “compliance” becomes credible

The third session addressed what many organisations underestimate: under the CRA, compliance is not just about having security controls. It is about being able to prove, with structured evidence, that controls exist, are appropriate, and are maintained. This is where standards and conformity assessment enter as the bridge between legal requirements and technical reality. The training unpacked how the standards landscape supports CRA implementation, including:

  • Why ISO 27001-style management controls matter (governance, repeatability, evidence)
  • The role of laboratories and certification bodies (including the wider quality and certification ecosystem)
  • The “horizontal vs vertical” standards model – general principles plus sector-specific detail – and how European initiatives are accelerating harmonised standards that can later support presumption of conformity
Watch the video

Download the training materials

Coming soon…

Training session 4: Implementation roadmaps - from gap analysis to CE readiness

The fourth session concluded the 2025 arc by translating “CRA theory” into a readiness roadmap. First, it reinforced that the annexes are not supplementary reading – they are the compliance roadmap. Annexes provide templates for EU Declarations of Conformity, define technical documentation expectations, and describe conformity assessment procedures that must be followed before placing products on the EU market.

Second, the session highlighted practical sequencing. A CRA gap analysis was presented as the “reality check” that prevents late-stage surprises – especially when moving toward conformity assessment or market entry decisions.

Third, the training clarified that CRA compliance can follow different paths depending on product risk:

  • Higher-risk products may require third-party evaluation by a notified body
  • Lower-risk products may allow self-assessment, but only under specific conditions and typically supported by relevant harmonised standards
Watch the video

Download the training materials

Coming soon…