SEMI SMCC CRA Position Paper
Ensuring proportionate application of the EU Cyber Resilience Act to Semiconductor Manufacturing Equipment
While the EU Cyber Resilience Act (CRA) is a critical step toward strengthening global cybersecurity, its “one-size-fits-all” approach does not reflect the complex realities of semiconductor manufacturing. This paper explains why horizontal CRA requirements must be adapted for the highly specialized semiconductor manufacturing equipment (SemiEq) sector.
Inside the Paper
- The Customization Conflict: Why rigid "secure-by-default" rules jeopardize engineered-to-order fab systems.
- The 30-Year Lifecycle Gap: The structural mismatch between short-term patches and decades-long equipment lifetimes.
- 6 Strategic Recommendations: Concrete exemptions and deadline alignments requested from European Commission.
Standardized Semiconductor Cyber Security Assessment (SSCA)
SSCA was developed by the SEMI Semiconductor Manufacturing Cybersecurity Consortium (SMCC) Working Group (WG) 3- Supply Chain Cybersecurity.
The WG is comprised of subject matter experts across the supply chain that are focused on activities including cybersecurity, assessment questionnaires and audits.
SEMI E187 Compliance Guide
This document is intended to be used as an additional SEMI E187-0122 compliance guidance for small, medium, and large semiconductor original equipment manufacturers (Supplier) and provides guidance to Device Manufacturers (DM) building their own specific requirements specifications using elements of SEMI E187-0122.
Building a Robust Cybersecurity Program
In the digital age, cybersecurity is no longer just a cost or risk management tool—it has become a core driver of business growth and innovation!
SEMI and the SEMI Taiwan Semiconductor Cybersecurity Committee proudly present " Building A Robust Cybersecurity Program to empower businesses to:
- Elevate Cybersecurity Decision-Making
- Invest in Cybersecurity to Boost Business Value
- Accelerate Cybersecurity Integration
