Meroi Security is proud to share that our founder and CEO, Julian Meroi, was an invited speaker at the Lucent Sky – Zerone CRA Supply Chain Webinar, a key event bringing together Taiwan’s leading manufacturers, technology providers, and policymakers to address the impact of the EU Cyber Resilience Act (CRA) on the supply chain.
Julian’s talk, “Strengthening your Software Supply Chain: CRA compliance as an EU market accelerator demonstrated how CRA is not just a regulatory hurdle but a strategic opportunity for companies seeking to expand in Europe and how to integrate it in the software supply chain.
Watch the full webinar:
On Youtube HERE
On Zerone website: HERE
Below you find a summary of the topics discussed.

From Compliance to Competitive Advantage
During his session, Julian presented a clear 90-day roadmap to CRA readiness and explained how early compliance can:
Accelerate EU Market Entry
Avoid customs delays and ship products without interruption when enforcement begins.
Win More Business
Become a preferred supplier by reducing buyer risk scores and demonstrating cybersecurity maturity.
Cut Costs and Risks
Prevent expensive crash projects, product recalls, and fines of up to 2.5 percent of global turnover.
Turn Security Into a Selling Point
Use “CRA Ready” as a mark of trust on datasheets, websites, and sales decks.
Julian also shared five key insights for success:
- Automate SBOM generation and evidence collection.
- Reuse ISO 27001, IEC 62443, RED and other regulatory documentation to accelerate compliance.
- Secure your supply chain with CRA clauses and risk-based supplier tracking.
- Start small with a pilot product, then scale your program across all lines.
- Position security as a feature and a commercial advantage.
CRA and the Software Supply Chain: What Changes in Practice
For most manufacturers, CRA readiness is won or lost in the software supply chain: open-source dependencies, third-party libraries, SDKs, firmware components, and outsourced development. CRA makes it essential to prove not only that you build securely, but that you can trace, control, and remediate risk across everything you ship.
What CRA effectively requires from product teams
A repeatable system that covers:
- Component transparency (SBOM, versioned per release) so you know what is inside each product/version and can assess downstream exposure quickly.
- Continuous vulnerability monitoring and prioritisation across dependencies (not just occasional scans).
- Clear vulnerability handling workflows (intake → triage → remediation → customer guidance) that produce audit-ready evidence.
- Supplier security obligations through contracts: SBOM availability, vulnerability disclosure cooperation, and patch timelines.
- Post-market capability to ship timely security updates and demonstrate ongoing monitoring.
Why this matters commercially
EU buyers increasingly treat supply chain security as a supplier selection filter. Strong CRA-aligned supply chain controls reduce procurement friction, shorten security questionnaires, and strengthen your position as a trusted vendor.
Webinar Recap: Strengthening Software Supply Chain Security with Zerone & Lucent Sky
Building on the forum discussion, Julian recently hosted a CRA-focused webinar in partnership with Zerone and Lucent Sky on the theme:
“Strengthening your software supply chain: CRA compliance as an EU market accelerator.”
The session focused on practical implementation: how to integrate SBOM automation, dependency vulnerability management, and evidence generation into existing engineering workflows—without adding unnecessary bureaucracy. It also covered how to operationalise supplier requirements and prepare an evidence pack that stands up to customer audits and conformity assessment expectations.
Key practical takeaways from the webinar
- Start with one pilot product and build templates you can reuse across product lines.
- Make SBOM and vulnerability evidence automatic (CI/CD integration, central storage, versioning).
- Define supplier clauses early: SBOM availability, disclosure cooperation, patch SLAs, and escalation paths.
- Turn compliance into a trust signal: publish security commitments and maintain measurable response performance.
How Meroi Security Can Help
Meroi Security offers comprehensive CRA readiness support for manufacturers and technology companies:
EU Representative Office
Act as your official EU point of contact for CRA, NIS2, GDPR and other regulations.
CRA Readiness Program
From scoping and gap analysis to SBOM automation, supplier contract updates, and technical file preparation.
Software Supply Chain Security
Establish SBOM-by-design, supplier security clauses, dependency governance, and continuous vulnerability monitoring across product releases.
Technical Implementation
Deploy CI/CD scanning, vulnerability management, post-market monitoring, and incident response systems.
Training and Capacity Building
Equip your engineers, product managers, procurement, and compliance teams with the skills to maintain ongoing compliance.
With our support, you can simplify compliance, accelerate time to market, and convert regulatory obligations into a growth engine.
Book Your Free Consultation
Take the first step toward CRA compliance today.
Book your free 30 minutes consultation and start building your EU market advantage with Meroi Security.





