Cybersecurity Resilience Act (CRA) at KONE

At KONE, cybersecurity is a fundamental part of how we design, develop and maintain our products and digital solutions. KONE is recognized as a reliable, trusted and resilient company among our customers, stakeholders and employees. Cybersecurity is embedded in a way we behave, we design our products and solutions, and KONE-wide processes.

The Cyber Resilience Act (CRA) is a new EU regulation that introduces harmonized cybersecurity requirements for products with digital elements across their lifecycle. KONE welcomes the CRA as an important step toward strengthening cybersecurity across the European market and views it as closely aligned with our existing cybersecurity principles, practices and targets.

KONE is fully committed to meeting the new cybersecurity requirements introduced by the CRA as part of KONE’s wider cybersecurity commitment. To prepare for the new requirements, KONE has established a company‑wide CRA Program that aligns product development, suppliers, cybersecurity, sourcing, and lifecycle management.

Through coordinated governance and a clear compliance roadmap, KONE is progressing towards CRA readiness aligned with regulation timelines (11 September 2026 and 11 December 2027). KONE is integrating CRA requirements into its broader cybersecurity framework and remains committed to being a trusted, resilient and responsible partner in an increasingly digital urban environment.