Objectives
CURIUM aims to achieve its vision by:
- Developing an innovative Compliance Continuum to automate CRA compliance.
- Driving widespread adoption with modular, cost-efficient, and open-source solutions tailored to industry needs.
- Fostering knowledge and capacity building to support CRA implementation.
- Utilizing an agile validation process with continuous feedback loops.
- Fostering long-term sustainability by actively engaging industry stakeholders and policymakers in tool development and training.
Through these efforts, CURIUM will contribute to a Trustworthy Certified Digital Valley, strengthening Europe’s cybersecurity ecosystem.
Approach
The CURIUM project follows a structured methodology to effectively implement the Cyber Resilience Act (CRA), combining technical innovation with stakeholder engagement.
- Stakeholder Engagement
- Standardization & Certification Experts ensure alignment with the CRA and broader European cybersecurity initiatives by leveraging their expertise in EU policies, certification, and regulatory frameworks, fostering a Trustworthy Certified Digital Valley.
- Security Providers, comprising technology companies, research institutes, and universities, develop cybersecurity solutions and collaborate with Standardization and Certification Experts to enhance security tools, strengthen market positioning, and drive innovation.
- End Users, including SMEs, large industries, critical infrastructure operators, and digital asset developers, benefit from CURIUM’s Compliance Continuum, enabling them to assess cybersecurity maturity, achieve compliance, and mitigate risks.
By integrating and actively engaging these stakeholders in the project activities, CURIUM ensures a holistic, industry-driven approach to cybersecurity resilience and regulatory compliance in Europe.
- Compliance Continuum
CURIUM introduces the Compliance Continuum, an integrated cybersecurity assessment framework that evaluates digital products both individually and within their broader system-wide interconnections to address security implications. With a cost-effective and modular design, the platform is tailored for SMEs and micro-enterprises, simplifying compliance processes.
The Compliance Continuum integrates five key cybersecurity services:
- Cyber Resilience Assessment (CyReA) – Identifies whether a digital product falls under the CRA and determines the required conformity assessment process.
- Digital Product Risk Management (DPRA) – Supports manufacturers in assessing cybersecurity risks across the product lifecycle to proactively minimize security threats.
- Digital Product Maturity Assessment (DPMA) – Offers a structured risk mitigation framework based on product maturity, helping manufacturers implement effective security measures.
- Conformity Assessment & Compliance (CAC) – Provides a guided approach to technical documentation and self-gap analysis, ensuring alignment with CRA requirements.
- Penetration Self-Testing & Vulnerability Assessment (PSTVA) – Equips users with tools for vulnerability assessment, code review, and penetration testing, reinforcing compliance efforts.
By leveraging these services within an agile validation framework, CURIUM ensures continuous stakeholder feedback, reinforcing its long-term sustainability and effectiveness. Ultimately, CURIUM will deliver a trusted, automated, and cost-efficient compliance ecosystem, strengthening Europe’s cybersecurity resilience in the digital age.

