As software systems become increasingly dependent on open source libraries, third party components, and AI generated code, businesses are facing growing challenges around security, traceability, and compliance across their software supply chains. At the same time, Europe is preparing to introduce stricter cybersecurity regulations that will place significantly more responsibility on companies selling digital products within the region. Finnish cybersecurity startup CRACI is building technology designed to help organisations navigate this new regulatory landscape, and investors are backing the company with fresh funding.
CRACI has raised €1.4 million in pre seed funding in a round led by Lifeline Ventures, with participation from First Fellow Partners and Wave Ventures.
The company says the investment will support product development and expansion efforts ahead of the European Union’s Cyber Resilience Act coming into force in 2026.
Preparing for the Cyber Resilience Act
Founded in 2025 by Juho Niemi, Dennis Marttinen, Jaakko Sirén, and Petteri Pulkkinen, the startup focuses on software supply chain security and compliance technology.
Its platform is specifically designed to help companies comply with the European Union’s upcoming Cyber Resilience Act, commonly referred to as the CRA. The regulation will introduce stricter cybersecurity, documentation, and lifecycle management requirements for products containing digital elements sold within the EU market.
The law is expected to affect hundreds of thousands of companies globally, including software vendors, hardware manufacturers, and organisations distributing connected digital products throughout Europe.
The Growing Complexity of Software Supply Chains
Modern software development increasingly relies on complex ecosystems of external dependencies, open source frameworks, cloud services, and AI generated code. While these technologies accelerate innovation and development speed, they also create growing challenges around visibility, security management, and operational control.
CRACI argues that many organisations currently lack sufficient oversight across their software supply chains, making it difficult to track vulnerabilities, maintain compliance documentation, and ensure long term product security.
The rise of AI assisted software development is adding another layer of complexity. As companies use AI tools to generate code faster, managing security risks and ensuring traceability across applications becomes increasingly difficult.
At the same time, the Cyber Resilience Act will place greater accountability on organisations to guarantee that the software products they ship remain secure throughout their lifecycle.
Automating Security and Compliance
CRACI’s platform provides organisations with visibility across their software supply chains while automating vulnerability management, lifecycle monitoring, and compliance related workflows.
The company aims to help businesses meet the CRA’s requirements around supply chain traceability, continuous security monitoring, and documentation management without slowing software development processes.
According to Juho Niemi, software supply chain security has now become a business critical issue for modern software organisations.
He said companies that invest early in automated security and compliance systems could gain competitive advantages through faster market access and stronger customer trust, while businesses relying on manual processes may face operational delays and rising compliance costs.
Niemi also noted that AI driven software development is significantly increasing both the scale and complexity of security risks across modern applications.
Supporting European Cybersecurity Readiness
The newly secured funding will allow CRACI to continue expanding its platform capabilities while helping organisations prepare for the Cyber Resilience Act before its implementation deadline.
As regulators worldwide place increasing focus on software transparency, lifecycle accountability, and cybersecurity governance, demand for automated software supply chain management platforms is expected to grow rapidly.
By combining compliance automation with supply chain visibility and vulnerability management, CRACI is positioning itself as part of a new generation of cybersecurity companies focused on securing increasingly complex software ecosystems in the AI era.
