Helsinki-based CRACI has secured €1.4 million in pre-seed funding to accelerate development of its software supply chain security platform focused on helping companies comply with Europe’s upcoming Cyber Resilience Act (CRA).
The round was led by Lifeline Ventures, with participation from First Fellow Partners and Wave Ventures.
Building Infrastructure For Europe’s New Cybersecurity Rules
Founded in 2025 by Juho Niemi, Dennis Marttinen, Jaakko Sirén, and Petteri Pulkkinen, CRACI develops technology designed to automate software supply chain security and regulatory compliance.
The company is targeting the growing operational pressure created by the European Union’s Cyber Resilience Act, which will begin applying from September 2026 and introduce mandatory cybersecurity requirements for digital products sold within the EU.
The regulation is expected to impact hundreds of thousands of companies globally, with non-compliance carrying potential penalties of up to €15 million or 2.5% of annual global turnover.
Advertisement
Automating Supply Chain Security And Compliance
The platform integrates directly into existing software development workflows and CI/CD pipelines, helping organisations continuously monitor vulnerabilities, maintain software traceability, generate security documentation, and manage lifecycle compliance requirements automatically.
The company says the increasing complexity of modern software development, particularly the widespread use of open-source components, third-party dependencies, and AI-generated code, has significantly expanded software supply chain risks.
According to Juho Niemi, supply chain security has become a critical operational challenge for software companies.
“Businesses that invest early in secure and compliant software infrastructure will gain a major advantage through faster market access and stronger customer trust. Manual processes are no longer sufficient to manage the growing complexity and regulatory demands of modern software development,” he said.
AI Development Increasing Security Complexity
CRACI also sees the rapid growth of AI-assisted software development as a major driver of demand for automated compliance and visibility tools.
The company argues that while AI accelerates software creation, it also increases the difficulty of understanding and managing the full dependency chain behind applications.
Under the Cyber Resilience Act, companies remain fully responsible for the security of every component included in their products, including transitive dependencies and externally generated code.
Funding To Accelerate Product Development
The newly raised capital will support product development, engineering expansion, and faster delivery of compliance automation capabilities ahead of the CRA rollout in 2026.
Juha Lindfors, Partner at Lifeline Ventures, said the new regulatory environment is fundamentally changing software security requirements across Europe.
“The Cyber Resilience Act is reshaping how software companies operate, and CRACI is building a compliance automation platform designed to integrate directly into existing developer workflows,” he said.
About CRACI
CRACI is a Finland-based cybersecurity startup focused on software supply chain security and regulatory compliance automation. Founded in 2025, the company develops infrastructure that helps organisations manage vulnerabilities, maintain software traceability, and comply with the European Union’s Cyber Resilience Act through automated security and lifecycle management tools.
