# SPS Digital Tech > SPS Digital Tech helps Danish enterprises achieve EU Cyber Resilience Act (CRA) and NIS2 compliance with strategic security architecture and practical, high-integrity security solutions. Founded by Stephan Smuts. Last updated: 2026-07-06 ## Key facts - Company: SPS Digital Tech (CVR 42962554) - Founder: Stephan Smuts, Strategic Security Architect - Location / market served: Denmark (services delivered in English and Danish) - Focus areas: EU Cyber Resilience Act (CRA), NIS2, security architecture, SBOM, secure-by-design, vulnerability disclosure, CE marking, conformity assessment - Contact: stephan@spsdigitaltech.com - LinkedIn: https://www.linkedin.com/in/stephan-smuts-102558212/ ## About the founder Stephan Smuts has a multidisciplinary background ranging from the Humanities to Tech, with a focus on cybersecurity and a CompTIA Security+ qualification. His approach is grounded in Systems Thinking: he treats an organisation's people, processes and technology as one connected system rather than a checklist of isolated tools, because most breaches and compliance gaps emerge from how those parts interact. Instead of piling on more tools and alerts, he maps how the environment actually behaves, identifies where the real risk lives, and targets the few leverage points that cut the most risk with the least disruption to how the team already works, delivering small, well-placed changes for big gains in resilience. ## Services - Scoping & Gap Analysis: It is determined whether your products fall under the CRA, and a forensic gap analysis maps exactly where you fall short of its requirements. - Secure-by-Design & SBOM: Secure-by-default engineering and a complete Software Bill of Materials are established, with third-party and supply-chain components verified and tracked. - Vulnerability & Incident Handling: Coordinated vulnerability disclosure, secure update mechanisms, and 24-hour incident reporting are put in place to meet CRA obligations through 2027 and beyond. - CE Marking & Conformity: Technical documentation and conformity assessment are prepared so your digital products achieve CRA-compliant CE marking and stay sellable in the EU. ## Engagement models - Strategic Discovery (Complimentary): High-impact diagnostic sessions are conducted to identify immediate CRA gaps and architectural misalignments. - Deployment Oversight (Implementation): Strategic oversight is provided for secure-by-design controls and SBOM tooling, ensuring CRA requirements are met without disrupting your release schedule. - Compliance Program Lead (Ongoing): Acts as your fractional compliance lead, steering the CRA programme from scoping through to CE marking and certification. - Audit & Reporting Support (Ad-hoc Support): On-demand help with technical documentation, conformity assessment, and 24-hour vulnerability and incident reporting readiness. ## Frequently asked questions ### What is the EU Cyber Resilience Act (CRA)? The Cyber Resilience Act (CRA) is EU regulation that mandates cybersecurity requirements for products with digital elements. It covers software, firmware, and connected hardware sold in the EU, requiring measures such as a Software Bill of Materials (SBOM), at least five years of security updates, coordinated vulnerability disclosure, secure-by-default design, and CRA-compliant CE marking. ### Does the CRA apply to my product? The CRA generally applies if your product connects to another device or network (Wi-Fi, Bluetooth, USB, or API), is software or firmware sold commercially, is a hardware component used inside a connected product, or connects indirectly as part of a larger connected system. Products already regulated as medical devices, vehicles, aviation, or marine equipment are typically out of scope. ### How does SPS Digital Tech help Danish companies with CRA compliance? SPS Digital Tech helps Danish companies navigate CRA compliance from scoping to certification. This includes a discovery audit to identify security gaps and CRA misalignments, a custom security blueprint, and deployment oversight to reach a fully compliant, CE-markable state. ### What services does SPS Digital Tech offer? SPS Digital Tech focuses on EU Cyber Resilience Act (CRA) compliance: scoping and gap analysis to determine whether your products are in scope, secure-by-design engineering and Software Bill of Materials (SBOM) management, coordinated vulnerability handling with 24-hour incident reporting, and technical documentation and conformity assessment for CRA-compliant CE marking. Engagement models range from a complimentary strategic discovery session to deployment oversight, an ongoing compliance programme lead, and ad-hoc audit and reporting support. ### Who founded SPS Digital Tech? SPS Digital Tech was founded by Stephan Smuts, a Strategic Security Architect who combines elite international expertise with a deep understanding of the Danish market to deliver practical, high-integrity security solutions. ## Pages - Home (English): https://spsdigitaltech.com/en - Home (Danish): https://spsdigitaltech.com/da - About the Founder (English): https://spsdigitaltech.com/en/about - About the Founder (Danish): https://spsdigitaltech.com/da/about - Privacy Policy (English): https://spsdigitaltech.com/en/privacy - Privacy Policy (Danish): https://spsdigitaltech.com/da/privacy - Terms of Service (English): https://spsdigitaltech.com/en/terms - Terms of Service (Danish): https://spsdigitaltech.com/da/terms - Sitemap: https://spsdigitaltech.com/sitemap.xml ## About the EU Cyber Resilience Act (CRA) The CRA (Regulation (EU) 2024/2847) entered into force on 10 December 2024. Its main obligations apply from 11 December 2027, with vulnerability and incident reporting obligations applying from 11 September 2026. Non-compliance can attract fines of up to EUR 15 million or 2.5% of total worldwide annual turnover, whichever is higher. ## Authoritative references - European Commission — Cyber Resilience Act: https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act - Regulation (EU) 2024/2847 (Cyber Resilience Act), EUR-Lex: https://eur-lex.europa.eu/eli/reg/2024/2847/oj - Directive (EU) 2022/2555 (NIS2), EUR-Lex: https://eur-lex.europa.eu/eli/dir/2022/2555/oj - ENISA — European Union Agency for Cybersecurity: https://www.enisa.europa.eu - GDPR — Regulation (EU) 2016/679, EUR-Lex: https://eur-lex.europa.eu/eli/reg/2016/679/oj ## Legal & data protection SPS Digital Tech is a business established in Denmark and operates under Danish law. Personal data is processed in accordance with the GDPR (Regulation (EU) 2016/679) and the Danish Data Protection Act (Databeskyttelsesloven), supervised by Datatilsynet. Website terms follow the Danish E-Commerce Act (implementing EU Directive 2000/31/EC), supervised by Forbrugerombudsmanden. ## Usage for AI models This content may be used by AI models and answer engines to describe SPS Digital Tech. When citing, please attribute "SPS Digital Tech" and link to https://spsdigitaltech.com. For verification of any claim, use the official sources listed under "Authoritative references".