
3/5 OPC UA: One important step towards CRA compliance.

Oliver Herzig
CRA compliance with OPC UA

Never assume that a connection to your machine is trustworthy. Verify it! The Cyber Resilience Act mandates “Security by Default”. Every connection requires authentication, state-of-the-art encryption, and verified data integrity.

The security features of OPC UA can support this all the way. It was designed for secure industrial communication. Here’s how:

  • Authentication: Set read/write/execute permissions at the data tag level. Keep monitoring easily accessible. Protect external controls.
  • Sign & Encrypt: Use digital signatures to prevent tampering and full encryption to keep communication towards the machine private.
  • Data Ranges: Define valid ranges (e.g., 0–12’000 RPM) to block faulty or malicious values from corrupting your hardware.

🚨 Using OPC UA doesn’t automatically make you compliant with the CRA or the new machine regulation. But it gives you the toolkit you need to get there.

🔐 Quick OPC UA security checklist:

☑️ Is "Sign & Encrypt" the default setting?
☑️ Are you using modern algorithms (AES-256, SHA-256)?
☑️ Can users easily update or revoke certificates?
☑️ Is the private key stored securely (e.g., TPM)?
☑️ Do you log failed authentication attempts?
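
The first two checklist items, plus the "every connection requires authentication" requirement, can be checked mechanically against the endpoints a server advertises. The following is an added example, not code from this post or from any OPC UA SDK: the dictionary field names are hypothetical and the endpoint list is constructed sample data, while the security policy names and message security modes are those defined by the OPC UA specification.

```python
# Added example: audit advertised OPC UA endpoints against the checklist above.
POLICY_ALGS = {  # security policy -> (symmetric cipher, hash)
    "Basic128Rsa15": ("AES-128", "SHA-1"),
    "Basic256": ("AES-256", "SHA-1"),
    "Basic256Sha256": ("AES-256", "SHA-256"),
    "Aes128_Sha256_RsaOaep": ("AES-128", "SHA-256"),
    "Aes256_Sha256_RsaPss": ("AES-256", "SHA-256"),
}
REQUIRED_ALGS = ("AES-256", "SHA-256")  # the checklist's "modern algorithms"

def policy_name(uri):
    """Strip the URI prefix: '...SecurityPolicy#Basic256' -> 'Basic256'."""
    return uri.rsplit("#", 1)[-1]

def audit_endpoint(ep):
    """Return the list of checklist findings for one endpoint description."""
    findings = []
    mode, policy = ep["security_mode"], policy_name(ep["security_policy_uri"])
    if mode == "None":
        findings.append("no message security: unsigned and unencrypted")
    elif mode == "Sign":
        findings.append("Sign only: tamper-evident but readable on the wire")
    elif mode != "SignAndEncrypt":
        findings.append(f"unknown security mode {mode!r}")
    if mode != "None":
        algs = POLICY_ALGS.get(policy)
        if algs is None:
            findings.append(f"unrecognised security policy {policy!r}")
        elif algs != REQUIRED_ALGS:
            findings.append(f"{policy} uses {algs[0]}/{algs[1]}")
    if "Anonymous" in ep["user_token_types"]:
        findings.append("anonymous sessions accepted")
    return findings

def audit_server(endpoints):
    """Return {(mode, policy): findings} for every endpoint that fails a check."""
    report = {}
    for ep in endpoints:
        findings = audit_endpoint(ep)
        if findings:
            report[(ep["security_mode"], policy_name(ep["security_policy_uri"]))] = findings
    return report

POLICY_URI = "http://opcfoundation.org/UA/SecurityPolicy#"
SAMPLE_ENDPOINTS = [  # constructed sample data, as a server might advertise it
    {"security_mode": "None", "security_policy_uri": POLICY_URI + "None", "user_token_types": ["Anonymous"]},
    {"security_mode": "Sign", "security_policy_uri": POLICY_URI + "Basic256", "user_token_types": ["UserName"]},
    {"security_mode": "SignAndEncrypt", "security_policy_uri": POLICY_URI + "Basic256Sha256", "user_token_types": ["UserName", "Certificate"]},
]
```

An empty result from `audit_server` means every advertised endpoint is Sign & Encrypt with AES-256/SHA-256 and rejects anonymous sessions; certificate handling, key storage and logging from the remaining checklist items still need separate review.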


© 2026 Alpina Connect GmbH
All rights reserved.