Alen Jelavić

Alen is a firmware engineer at Sartura with a passion for low-level software and a dangerous familiarity with a soldering iron. He is known to flash custom firmware on his mobile phone, usually improving performance while accidentally removing minor features like making calls.

Beyond embedded systems, Alen is involved in cybersecurity standardisation, serving as rapporteur in ETSI’s CYBER working group where he contributes to drafting harmonised standards for the Cyber Resilience Act. His day-to-day work spans embedded Linux security, network device compliance including Common Criteria, and a belief that standardisation needs more engineers at the table.

Talk: Implementing the CRA – Engineers, SMEs, and Cybersecurity Standardisation

The Cyber Resilience Act (CRA) is becoming one of the most impactful cybersecurity regulations for anyone building software or hardware in Europe. This talk gives a practical, engineering-focused walkthrough of what CRA implementation actually means, with particular attention to SMEs.

The presentation covers product classification, Annex I requirements, conformity assessment, and the process changes companies will need to make. For SMEs without dedicated compliance teams, it discusses practical strategies to approach these obligations without being overwhelmed.

Open-source has direct CRA implications. Companies integrating open-source into commercial products must ensure components meet Annex I expectations, appear in SBOMs, and receive timely security updates. The talk highlights the challenges this creates for manufacturers, maintainers, and community projects.

It also looks at the ongoing standardisation work in ETSI, CEN, and CENELEC where the real technical requirements are being shaped. These efforts need more professionals and SME voices. The session makes the case for getting involved now, to shape the rules rather than merely comply with them.

Attendees will leave with a clear understanding of what the CRA means for engineers, SMEs, and open-source and why cybersecurity standardisation needs them.

Get your free ticket here https://www.entrio.hr/en/event/dorscluc-2026-28348 and see you at the DORS/CLUC 31!