CRACI Raises Funds for Software Supply Chain Security Ahead of CRA

Finnish cybersecurity startup CRACI has announced the completion of a €1.4 million pre-seed funding round. The operation was led by Lifeline Ventures, with participation from First Fellow Partners and Wave Ventures. These funds will be allocated to product development and platform expansion, in preparation for the entry into force of new European cybersecurity regulations, expected in 2026.

The investment underscores the growing urgency for companies to strengthen their digital defenses and adapt to an increasingly stringent regulatory landscape, especially in an era where software complexity and cyber threats are constantly increasing. CRACI positions itself as a key player in this scenario, offering solutions aimed at simplifying compliance and improving cyber resilience.

The Cyber Resilience Act and Challenges for Businesses

Founded in 2025 by Juho Niemi, Dennis Marttinen, Jaakko Sirén, and Petteri Pulkkinen, CRACI develops software supply chain security technologies specifically designed to support companies in complying with the European Union's Cyber Resilience Act (CRA). This regulation will impose stricter requirements for cybersecurity, documentation, and lifecycle management for all products with digital elements sold in the EU, with an estimated impact on hundreds of thousands of companies globally.

The complexity of modern software development, fueled by the integration of third-party components, Open Source dependencies, and AI-generated code, makes it increasingly difficult to maintain visibility and control over the entire supply chain. At the same time, businesses face growing regulatory pressure to ensure their software products remain secure and traceable throughout their lifecycle. This context creates significant demand for solutions that can automate and simplify these critical processes.

The CRACI Platform and Implications for Data Sovereignty

CRACI's platform offers comprehensive visibility across software supply chains, automating vulnerability tracking, lifecycle management, and compliance processes. The company's goal is to help organizations meet CRA requirements related to supply chain control, traceability, and continuous security, without slowing down software development cycles.

As highlighted by Juho Niemi, co-founder and CEO of CRACI, supply chain security is now a business-critical aspect for software organizations. Companies that invest early in this area can gain a competitive edge, accessing the market more quickly and building greater trust with their customers. Conversely, those relying on manual approaches risk delays and higher costs. Niemi also emphasized how AI-driven software development increases both the complexity and risks associated with modern applications, while the CRA places greater accountability on companies to ensure the security of every product they ship. For organizations prioritizing data sovereignty and control, such as those opting for self-hosted or air-gapped deployments, the ability to manage and track every component of the supply chain becomes a fundamental enabler for compliance and risk mitigation.

Future Prospects and the Strategic Role of Funding

The new funding will support CRACI's efforts to help businesses prepare for the Cyber Resilience Act and manage evolving software supply chain security and compliance requirements across the European market. This includes expanding the platform's functionalities and strengthening the team to address technical and regulatory challenges.

In an era where digital trust is paramount and regulations are becoming increasingly pervasive, solutions like the one proposed by CRACI become indispensable. For CTOs, DevOps leads, and infrastructure architects evaluating self-hosted alternatives versus the cloud for AI/LLM workloads, the ability to demonstrate robust supply chain security and full regulatory compliance is a decisive factor. AI-RADAR offers analytical frameworks on /llm-onpremise to evaluate the trade-offs between control, security, and TCO, aspects that the Cyber Resilience Act makes even more central to strategic decisions.