Cyber-Physical systems (CPS) are tools used by humans enhancing the way they perform task. CPS make tasks more efficient, more precise and safer. Those systems are omnipresent in human lives, would it be in cars with Advanced Driver Assistance Systems (ADAS), in Unmanned Aerial Vehicles (UAV) for self balancing, in smart cities for traffic optimisation or even in medical devices. CPS have the ability to read information from the real world, process it and also affect the real world back, taking into account constraints such as real-time processing. Furthermore, the safety and security of the software controlling the CPS are directly linked with the safety and the security of human bystanders. To ensure such requirements, the European Union (EU) has a process to assess the conformity of specific products exchanged within the EU. Recently, Regulations and Directives such as the Cyber Resilience Act (CRA) puts stress on European actors to provide compliant software products. Such requirements on software started with the Medical Device Regulation (MDR) in 2017. However, technical requirements are not easy to understand from legal texts and certification processes rely solely on documentation from manufacturers. Thus, the EU has difficulty in monitoring and opening the European market to products deemed compliant and manufacturers have difficulties understanding what is technically required of them when introducing products. This thesis aims at providing a way for common understanding between both parties.