CRACI, a Helsinki-based platform that automates Cyber Resilience Act compliance for software manufacturers, has raised €1.4 million in pre-seed funding led by Lifeline Ventures. The company integrates vulnerability management, SBOM generation, and EU cybersecurity documentation directly into existing CI/CD pipelines to help teams achieve CE marking readiness. The capital will support product development and market expansion ahead of upcoming regulatory deadlines.
CRA Deadlines Accelerate Tool Adoption
The timing aligns with the EU Cyber Resilience Act entering into force, with vulnerability reporting obligations starting in September 2026. Kusari raised $8M for supply chain security tools while Cycode secured $56M for its DevSecOps platform. CRACI differentiates by embedding compliance automation into developer workflows rather than layering on separate security scans.
Regulatory Pressure Quantifies the Pain
The Act affects more than 600,000 software companies operating in or selling to Europe, with potential fines reaching €15 million or 2.5% of global turnover for non-compliance. Current manual processes for generating SBOMs and preparing ENISA reports often disrupt development velocity and leave gaps in continuous monitoring.
CI/CD Integration as Differentiator
CRACI builds automated SBOM generation in CycloneDX and SPDX formats, continuous vulnerability tracking, and one-click CRA-ready reports that plug into GitHub Actions, GitLab CI, and Jenkins. This approach contrasts with broader platforms that focus on code scanning or hardware-focused assessments.
"Supply chain security is now business-critical for software organizations."
Lifeline Ventures Leads Regulatory Bet
Lifeline Ventures led the round with participation from First Fellow Partners and Wave Ventures. The firm’s track record backing companies through major regulatory and market shifts in the Nordics signals conviction in category-creating compliance infrastructure.
Europe Cybersecurity Market Expands
The European cybersecurity market stands at $69.82 billion in 2026 and is projected to reach $115.66 billion by 2031, growing at 10.62% CAGR. Structural drivers include mandatory CRA enforcement and expanding SBOM requirements across digital products.
Competitors such as Cybellum with $30 million raised target hardware and IoT use cases, leaving room for software-centric, pipeline-native solutions.