Cumulocity & Microsoft
Preparing for the EU Cyber Resiliency Act
By September 2026, exploitable vulnerabilities must be disclosed.
By December 2027, non-compliance could cost you €15M or 2% of revenue.
Are you ready to turn compliance into your competitive advantage?
Compliance Ready Connected Products
Microsoft secures the cloud. Cumulocity secures the devices. Together, we deliver a complete path from connected product to cloud intelligence.
The EU Cyber Resilience Act (CRA) will soon reshape the way connected products are built and maintained. By September 2026, manufacturers must disclose vulnerabilities, and by December 2027, non-compliance risks penalties of up to €15M or 2% of global turnover. For enterprises, this is more than a regulatory hurdle—it is an opportunity to reduce risk, avoid costly fines, and turn product security into a strategic advantage.
- Microsoft has made customer cybersafety a top priority through its Secure Future Initiative (SFI)—a multi-year program that embeds the highest standards of security into every product. Built on the principles of secure by design, secure by default, and secure operations, SFI ensures vulnerabilities are identified, mitigations are managed, and enterprise security policies are enforced at scale.
- Cumulocity extends these protections to the device layer. We automate application security compliance across heterogeneous fleets—patching vulnerabilities, updating device identities, and maintaining secure configurations through over-the-air updates. All of this is delivered in an auditable, scalable, and consistent way, ensuring enterprises can meet CRA requirements while also building a stronger foundation for innovation.
Learn more about navigating the CRA
Hear from the experts on Regulatory-Ready Smart Equipment Development
Video disabled
You have to
accept marketing cookies
to watch this video.
Business Drivers
Secure by design
Zero Trust and Adaptive Cloud compliant solutions for the entire device lifecycle.
Connected for value
Built-in IoT Data Ops provides a quality-and contextualized data interface.
Intelligent at scale
Data flows seamlessly between Cumulocity and pre-integrated Azure services.
Regulatory ready
CRA-compliant and adaptable to future EU and global security regulations.
Complementary, not competitive
Video disabled
You have to accept marketing cookies to watch this video.
Business Drivers
Secure by design
Zero Trust and Adaptive Cloud compliant solutions for the entire device lifecycle.
Connected for value
Built-in IoT Data Ops provides a quality-and contextualized data interface.
Intelligent at scale
Data flows seamlessly between Cumulocity and pre-integrated Azure services.
Regulatory ready
CRA-compliant and adaptable to future EU and global security regulations.
Complementary, not competitive
Some may ask: How does Cumulocity compare with Azure IoT?
Microsoft provides the secure, scalable cloud foundation for AI, analytics, and enterprise data. Cumulocity extends that foundation to the device layer, managing fleets, ensuring compliance, and securing assets at scale.
Together, we give enterprises a unified solution that bridges cloud and edge—showing that Cumulocity and Microsoft are not competitors, but partners who are stronger together.
Read the 2025 Gartner® Magic QuadrantTM for Global Industrial IoT Platforms
Tangible Outcomes for Enterprises
- Minimize Compliance Risk – Prepare for CRA with confidence and avoid penalties.
- Simplify Operations – Automate device management to cut costs and free resources.
- Accelerate Innovation – Feed clean IoT data into Azure to unlock AI-driven insights faster.
Customers that trust Cumulocity & Microsoft
Ready to Secure and Scale Your Connected Products?
Take the CRA Readiness Assessment
