As part of its mission to support SMEs in meeting the upcoming requirements of the EU Cyber Resilience Act (CRA), Digital Innovation Hub Trakia is proud to announce the launch of a four-part online training series under the OSCRAT (Open-Source Cyber Resilience Act Tools) project. These expert-led sessions will take place monthly between September and December 2025 and are designed to guide participants through the core regulatory, technical, and documentation expectations under the CRA framework.
Training Dates (Online):
- 8 September 2025
- 13 October 2025
- 10 November 2025
- 8 December 2025
Time: 14:00–16:00 CET
Who Should Join:
Manufacturers, importers, distributors, hardware and software developers (commercial and open source), product managers, cybersecurity officers, and SME innovation teams aiming to ensure that their digital products and services comply with the CRA.
What to Expect
Each 120-minute event will build upon the essential CRA compliance steps in a clear, actionable format tailored for SMEs. Topics include:
Cyber Resilience Act Overview:
Understand what counts as a “product with digital elements” (PDE), the lifecycle-based compliance obligations, and how the CRA connects with other EU laws (e.g. CSA, NIS2).CE Marking & Self-Assessment:
Learn how to determine whether your product qualifies as a general, important, or critical product with digital elements under the Cyber Resilience Act. You’ll also understand when a self-assessment is permitted and when a third-party conformity assessment — or even EU cybersecurity certification — is required, depending on the risk classification in Annex III and IV of the regulation.Incident Reporting & Vulnerability Management:
Building readiness to meet CRA reporting deadlines (24h/72h) and structuring internal workflows for secure update and communication cycles.Software Bill of Materials (SBOM) and Technical Documentation:
Guidance on generating and maintaining SBOMs aligned with recognized formats and the importance of structured documentation under the CRA.CRA Automation Tools from OSCRAT:
Preview the open-source OSCRAT platform tools, including compliance checklist generators, documentation assistants, and vulnerability tracking utilities.
Meet the Trainers
- Sashka Boncheva – Cybersecurity expert and lead ISO auditor, Sashka Boncheva brings over 15 years of hands-on experience in implementing and auditing information security and quality management systems across both the public and private sectors. She is a certified Lead Auditor in ISO/IEC 27001, ISO 20000-1, ISO 27701 and other key standards, and actively advises SMEs on cybersecurity readiness. Sashka is also a co-founder of the Bulgarian chapter of Women4Cyber, where she works to improve gender balance and digital inclusion in cybersecurity.
- Miroslav Mitev, PhD – With more than 3,000 audit days under his belt, Miroslav Mitev is one of Bulgaria’s most seasoned experts on conformity assessment and ISO-based compliance. He has extensive teaching experience in cyber risk, incident response, and security governance and is frequently consulted on CRA, NIS2, DORA and national legislative alignment. Miroslav is also a co-founder of Bulgaria’s AI Institute, where he fosters the intersection of artificial intelligence, cybersecurity, and digital trust frameworks.
- Hristian Daskalov, PhD – Chairman of the Board at Digital Innovation Hub Trakia and Project Coordinator of the Cyber4AllSTAR EDIH project, Hristian Daskalov is an award-winning digital policy researcher, advisor and innovation strategist. With a background in open source software governance and stakeholder management research, and considering his lecturing work at the Technical University of Sofia and Plovdiv University, he plays a key role in bridging EU regulatory frameworks with practical SME and broader awareness and adoption. In his consultancy role, Hristian advices global tech leaders on regional compliance and digital transformation initiatives.
Format and Deliverables
Each session includes expert presentations, case-based walkthroughs, and live Q&A. Attendees will receive:
✅ Presentation materials
✅ CRA-aligned checklists and templates
✅ Certificates of participation
These sessions are free of charge and will be conducted in English.
These training sessions are based on the current text of the Cyber Resilience Act and best available guidance as of mid-2025. Participants will be introduced to the key requirements and tools under development in the OSCRAT project to support future compliance.
Registration
Registration is open via Zoom Webinars, but space is limited to ensure high-quality interaction and discussion.
Register sooner to secure your participation in one or more of the training sessions – https://eu01web.zoom.us/webinar/register/WN_SKFg2CF3Q5yDBGYkFGqoKg
About OSCRAT
OSCRAT is a cross-border project that develops free, open-source solutions to help SMEs understand and implement CRA compliance requirements.
Co-funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Industrial, Technology and Research Competence Centre. Neither the European Union nor the granting authority can be held responsible for them. – Project: 101190180.