Press release

Cumulocity Delivers Cyber Resilience Act Compliance Leveraging the Microsoft Cloud

Accelerating the modernization of secure, intelligent, connected solutions.

Dusseldorf, Germany – 20 November, 2025 – Cumulocity today announced the expansion of its collaboration with Microsoft to help manufacturers prepare for the European Union’s Cyber Resilience Act (CRA) and accelerate their modernization of secure, intelligent connected solutions.

CRA regulatory requirements include connected product manufacturers (a) design and ship secure products by design & default, (b) disclose exploitable vulnerabilities as quickly as within 24-hours, and (c) commit to at least five years of ongoing security support. Compliance is to be demonstrated via conformity assessments for any company selling connected products into Europe, resulting in CE marking. 

Cumulocity provides manufacturers a scalable and practical path to CRA compliance by integrating with Microsoft — including a customizable reference design, pre-integrated solution components, and even a “CRA Readiness Assessment,” available as a Professional Services package. The assessment provides  manufacturers a customized compliance roadmap, helping them identify and mitigate risks, secure their devices, and ensure best-practices when modernizing their infrastructure for Asset Security Compliance. 

The Better Together Story - Cumulocity & Microsoft 

  • Cumulocity delivers Asset Security Compliance for fleets of connected products in a way that is automated, auditable, and operated remotely at scale. From edge to cloud, Cumulocity unifies the integration point for connected product data, harmonizing data models across IT/OT and activating the digital twins that feed intelligent workloads. 
  • Microsoft operationalizes the discovery, management, and mitigation of security vulnerabilities as part of a unified platform for modern Security Operations. Azure Kubernetes Service and Azure Arc, provide the infrastructure and management services required for secure, intelligent application workloads. 
  • Together, this integration helps manufacturers reduce CRA compliance risk while simultaneously unlocking innovation in Physical AI.

“Meeting CRA requirements is a top concern for manufacturers as they bring connected products to market. By working with Microsoft, we are delivering a solution that not only reduces risk but also accelerates time-to-market and creates a foundation for growth in AI and connected services,” said Dr. Juergen Kraemer, Chief Product Officer, Cumulocity.

“Cumulocity’s device and asset security compliance capabilities are an important complement to our Microsoft cloud, security, and AI solutions. By working together, we’re helping manufacturers simplify compliance and unlock the trusted data they need to innovate with confidence,” said Dayan Rodriguez, Corporate Vice President, Manufacturing & Mobility at Microsoft.

About Cumulocity

Founded in 2012, Cumulocity is a leading global industrial IoT platform that offers self-service device management and low-code application development based on artificial intelligence for a fast ROI. The cloud-native and AIoT-based platform enables companies to pursue a “buy & build” approach and shorten the time to market for new, differentiating digital services. Numerous machine builders and industrial equipment manufacturers rely on Cumulocity to operate their smart and connected products and services worldwide. Cumulocity is available as a cloud, on-premises, edge, and hybrid solution.