Finnish cybersecurity startup CRACI has raised €1.4 million in pre-seed funding in a round led by Lifeline Ventures, with participation from First Fellow Partners and Wave Ventures. The funding will support product development and platform expansion ahead of new European cybersecurity regulations coming into force in 2026.
Founded in 2025 by Juho Niemi, Dennis Marttinen, Jaakko Sirén and Petteri Pulkkinen, CRACI develops software supply chain security technology designed to help companies comply with the European Union’s Cyber Resilience Act (CRA). The regulation will require products with digital elements sold in the EU to meet stricter cybersecurity, documentation and lifecycle management standards, affecting hundreds of thousands of companies globally.
The timing is critical as businesses face mounting pressure from multiple directions. The increasing complexity of software development, driven by third-party components, open-source dependencies and AI-generated code, is making visibility and control across software supply chains more difficult. At the same time, new regulatory requirements mean companies must ensure software products remain secure and traceable throughout their lifecycle or risk being locked out of the European market.
CRACI’s platform provides visibility across software supply chains while automating vulnerability tracking, lifecycle management and compliance processes. The company aims to help organizations meet CRA requirements related to supply chain control, traceability and continuous security without slowing software development.
“Supply chain security is now business-critical for software organizations,” said Juho Niemi, co-founder and CEO of CRACI. “Companies that invest early will gain a competitive edge through faster market access and stronger trust. Those relying on manual approaches risk delays and higher costs. We enable fast and reliable security and compliance without slowing growth.”
Niemi added that AI-driven software development is increasing both the complexity and risk associated with modern applications, while the CRA places greater accountability on companies to ensure the security of every product they ship.
The Cyber Resilience Act represents a major shift in how the EU approaches cybersecurity. Similar to GDPR’s impact on data protection, the CRA will create mandatory cybersecurity requirements for a wide range of digital products. Companies that fail to comply could face significant fines and market access restrictions.
This regulatory pressure is creating opportunities for startups like CRACI that can help businesses adapt to new requirements. The cybersecurity compliance market is expected to grow significantly as more regulations come into effect across different regions.
The new funding will support CRACI’s efforts to help businesses prepare for the Cyber Resilience Act and manage evolving software supply chain security and compliance requirements across the European market. The company plans to expand its platform capabilities and build partnerships with software development organizations ahead of the 2026 deadline.