CRACI Secures Funding to Tackle Software Compliance Challenges
CRACI, a Helsinki-based startup, has successfully raised €1.4 million in pre-seed funding, led by Lifeline Ventures, known for backing successful companies like Wolt and Supercell. This funding comes as the startup gears up to help software companies comply with the stringent requirements of the EU Cyber Resilience Act (CRA), set to take effect in September 2026.
A New Era of Compliance
Founded in 2025 by a team of tech innovators including Juho Niemi and Dennis Marttinen, CRACI aims to simplify the compliance landscape for over 600,000 companies worldwide. The CRA mandates that any company selling digital products in the EU adhere to rigorous standards for security and documentation, with penalties for non-compliance reaching up to €15 million.
“Supply chain security is now business-critical for software organisations,” says Niemi. “Those investing early will gain a competitive edge, while companies relying on outdated manual approaches risk delays and increased costs.”
Innovative Solutions for Software Development
CRACI offers a platform that integrates with existing Continuous Integration/Continuous Deployment (CI/CD) pipelines, allowing compliance checks to occur seamlessly alongside regular development processes. When a new open-source library is added, CRACI tracks it, identifies vulnerabilities, and automatically updates security documentation.
“Under the CRA, companies are fully accountable for every product they ship,” Niemi adds, highlighting the growing need for transparency in software security. “The direct and transitive attack surface is expanding faster than most organisations can manage.”
Setting Itself Apart
While other tools like Snyk and Black Duck offer vulnerability scanning, CRACI distinguishes itself by providing a comprehensive compliance workflow, covering documentation, traceability, and incident reporting, not just vulnerability detection.
“CRACI’s founders combine rare technical expertise with a deep understanding of developers’ needs,” remarks Juha Lindfors, a partner at Lifeline Ventures. “The CRA is reshaping the software landscape in Europe, and CRACI is poised to deliver the compliance solutions this new era demands.”
Looking Ahead
The funding will enable CRACI to accelerate product development in anticipation of the CRA deadline, ensuring that companies can meet their reporting obligations to the EU’s cybersecurity agency, ENISA, by 2026.
Related
