
Risk Management

One of the foundational CRA requirements is risk assessment for product cybersecurity. The risk assessment must be carried out, documented, and kept up to date for each product and release.

EU CRA Reference

Chapter 2, Article 13 Obligations to Manufacturers, (3)

The cybersecurity risk assessment must be documented and updated during the product's support period, analyzing risks based on the product's intended purpose and indicating how security measures are implemented.


OWASP SAMM Reference

Governance

The OWASP SAMM Strategy & Metrics practice includes activities such as establishing processes and methodologies for security activities and setting a foundation for consistent and measurable security practices.


OWASP SAMM Reference

Design

The OWASP SAMM Threat Assessment practice includes activities such as identifying potential security risks at the design stage and defining a formal process for assessing application risks.


Qt Group Highlights

Qt Risk Assessment

The risk assessment allows Qt to identify and justify the relevance of CRA requirements at the feature and product level.

Decreased Risks

The risk assessment, along with Qt processes and practices, decreases the risks from security incidents attributable to Qt product quality.

Next Steps at Qt Group


Publish relevant risk assessment documentation for each Qt release during 2026

The information contained on this page and this website does not constitute legal advice. It is provided for informational purposes and discussion of the subject matter only. Content is subject to change and The Qt Group does not guarantee the accuracy or currentness of the contents of this page nor is The Qt Group responsible for the content or operation of any external website that these pages link to—or that may link to—these pages. The information contained here is not, and should not be used as, a substitute for legal advice.
