CRACI, a Helsinki-based technology company focused on software supply chain security and compliance automation, has raised €1.4 million in a pre-seed round led by Lifeline Ventures, with participation from First Fellow Partners and Wave Ventures. The company develops a platform that integrates into CI/CD workflows to track software components, monitor vulnerabilities, and generate documentation intended to support compliance with the EU Cyber Resilience Act (CRA), which will introduce mandatory cybersecurity requirements for digital products sold in the EU starting from 2026. The funding will be used to further develop the product and expand engineering capacity as regulatory requirements come into force and organizations prepare for increased obligations around vulnerability reporting and software supply chain transparency.
Founded in 2025 by Juho Niemi, Dennis Marttinen, Jaakko Sirén and Petteri Pulkkinen, CRACI is a Helsinki-based technology company automating software supply chain security and compliance under the EU Cyber Resilience Act. The platform directly integrates into existing CI/CD pipelines to continuously manage vulnerabilities, generate product security documentation, and ensure ongoing regulatory compliance without disrupting development workflows.
“Supply chain security is now business-critical for software organizations. Companies that invest early will gain a competitive edge through faster market access and stronger trust. Those relying on manual approaches risk delays and higher costs. We enable fast and reliable security and compliance without slowing growth,” says Juho Niemi, co-founder and CEO of CRACI.
The round was led by Lifeline Ventures, known as an early backer of Wolt and Supercell, with participation from First Fellow Partners and Wave Ventures. The investment will accelerate CRACI’s mission to help businesses prepare for the Cyber Resilience Act (CRA) and navigate complex supply chain security and regulatory requirements faster and with greater confidence.
“CRACI’s founders combine rare technical expertise with a deep understanding of how developers actually work. The CRA is rewriting the rules for software in Europe, and CRACI is building what this new era demands: a comprehensive compliance automation solution that fits into existing workflows. We’re excited to back the team,” says Juha Lindfors, Partner at Lifeline Ventures.
The CRA, coming into force starting from September 2026, will require all products with digital elements sold in the EU to meet strict cybersecurity standards. It will affect more than 600,000 companies worldwide, which must comply to maintain access to the European market. The CRA sets strict requirements for security, documentation, and lifecycle management of software products, increasing pressure on internal resources and cybersecurity expertise. As one of the broadest cybersecurity regulations to date, it has significant global impact, with non-compliance carrying fines of up to €15 million or 2.5% of a company’s global annual turnover.
To address the growing need, CRACI delivers provably complete visibility across software supply chains with a platform that enables organizations meet CRA requirements around supply chain control, traceability, and continuous security. By automating vulnerability tracking and end-to-end lifecycle management, it removes the burden of manual processes and enables businesses to gain visibility, stay compliant, reduce risk, and maintain development speed.
“Under the CRA, this lack of transparency is unacceptable. Companies are fully accountable for every product they ship and must ensure it is secure and free from vulnerabilities. As a result, the direct and transitive attack surface is expanding faster than most organizations can currently manage,” Niemi says.
The CRA opens up a rapidly growing market for CRACI. Fueled by the new funding, the company is accelerating product delivery, as software companies will be required to report actively exploited vulnerabilities and serious incidents to ENISA (European Union Agency for Cybersecurity)already in September 2026.
At the same time, the rise of AI-driven development is expanding the market opportunity. While AI has accelerated software creation, it has also increased complexity and risk. Modern applications increasingly rely on third-party components, open-source libraries, and AI-generated code, making visibility and control more challenging than ever before.
Click to read more funding news.
Read the orginal article: https://arcticstartup.com/craci-raises-e1-4-million-pre-seed/
