The Cyber Resilience Act: implications for the global rail industry
The EU Cyber Resilience Act (CRA) is set to reshape the rail supply chain. This webinar explores practical steps for operators and suppliers to ensure compliance, transparency and security across the asset lifecycle.
The upcoming EU Cyber Resilience Act (CRA) will introduce significant new cyber-security requirements for connected products and digital components sold in the European market. Cyber-security regulations outside the EU will also be heavy influenced by the CRA. It will have far-reaching implications for rail operators, manufacturers, software developers, and service providers in the rail and transport technology sector.
Industry experts join Nomad Digital’s cyber-security compliance team to examine strategies for meeting CRA requirements..This session shares practical insights into how our existing Secure-by-Design framework, aligned with IEC 62443, ISO 27001, and TS 50701, is being extended to address CRA obligations.
Whether you’re a Product Manager, Compliance Officer, or cyber-security professional, this session will help you understand the CRA’s expectations and what proactive steps can be taken now to ensure readiness.
Key learning points:
- Understanding the Cyber Resilience Act (CRA)
- Gain a clear overview of the CRA’s objectives, scope, and timelines — and what it means for connected products and software in the transport and mobility sector
- Mapping existing frameworks to CRA Requirements
- Learn how standards such as IEC 62443, ISO 27001, and TS 50701 already provide a strong foundation for CRA compliance
- Building secure-by-design processes
- See how integrating security into design, development, and testing stages reduces compliance effort and improves overall product resilience
- Managing software supply chain risk
- Understand how tools like Software Composition Analysis (SCA) and structured SBOM management help meet supply chain transparency obligations
- Operational readiness and post-market obligations
- Explore practical steps for vulnerability handling, patch management, and incident reporting under the CRA’s continuous compliance model
- Practical lessons from Nomad Digital’s implementation journey
- Hear how Nomad Digital is staying ahead by aligning internal processes, partner requirements, and customer engagement to achieve end-to-end cyber resilience
- Exclusive readiness tracker
- All participants receive a comprehensive checklist to assist with CRA planning.
SPEAKERS
Callum Robinson, Information Security Manager, Nomad Digital
Callum Robinson is the Information Security Manager at Nomad Digital. With 10 years of experience at Nomad Digital, Callum has worked across multiple areas including R&D, operations and maintenance, and information security.. His broad exposure to these areas has given him a deep understanding of the company’s technology and services within the rail industry. Callum’s expertise in information security has been instrumental in strengthening Nomad Digital’s cyber- resilience, ensuring the protection of critical communications and data solutions. His work has supported the delivery of secure, high-performance systems for Nomad Digital customers globally.
Ian Wilson, Security Analyst, Nomad Digital
Ian is an IT security professional with over five years of experience within the technology sector. The majority of Ian’s experience has been during his time as Security Analyst at Nomad Digital with areas of expertise covering the monitoring of live train fleets and supporting the security of operational technology and real-time systems for rail. nformation security regulation and legislation is also a key element of Ian’s role, including supporting Nomad Digital’s ISO 27001 certification.
Eddy Thésée, Vice President Digital & Cyber Platform, Alstom
Eddy is Vice President of Digital & Cyber Platform at Alstom, with 25 years of experience in the rail industry driving secure digital mobility.
After starting his career developing predictive algorithms in finance and energy, he joined Alstom in 1999 and has since led global IT, signalling, and digital transformation initiatives. He defined Alstom’s cyber-security strategy and built a standalone business to meet the growing need for resilient rail systems. A key advocate for cyber-security standards, Eddy champions their role as the foundation of trust and interoperability across the rail ecosystem and now expands this mission through the integration of digital innovation into core business strategies, driving secure, scalable solutions that accelerate digital growth across mobility platforms.
FAQs
Is this webinar free?
Yes – there is no charge to watch the webinar, either live or on-demand.
When will the webinar take place?
The webinar takes place on 26th March
Can I watch the webinar later?
The webinar will be available to watch on-demand shortly after the live broadcast takes place.
What are the benefits of attending live?
During the live webinar, you will be able to pose questions to the speakers, which will then be answered during the live Q&A session at the end of the webinar.
How long will the webinar be?
The live webinar will last for up to one hour.
Who will be hosting?
Global Railway Review.
What do I need to watch this webinar?
All you need is a computer with an internet connection. It is advised to use headphones where possible for your own comfort.
Legal Disclaimer:
The content presented in this webinar is provided for general information purposes only. It does not constitute legal advice and should not be relied upon as such. The topics discussed may have legal or commercial implications for your organisation and participants should obtain independent legal advice, if required. We make no representations or warranties as to the accuracy, completeness, or suitability of the information provided and we accept no liability for any loss or damage arising from reliance on it.
