CRA Evidence is a comprehensive EU Cyber Resilience Act (CRA) compliance platform that helps manufacturers, importers, and distributors achieve compliance before the December 2027 deadline. Key features include: SBOM management (CycloneDX, SPDX formats), vulnerability scanning with CVE monitoring and EPSS prioritization, technical file generation for CE marking, ENISA incident reporting tools, and multi-language support (EN, ES, DE, FR, IT, PL). The platform offers professional and enterprise tiers. Visit craevidence.com to start your free trial.
EU Cyber Resilience Act Compliance Platform
CRA Evidence helps manufacturers, importers, and distributors meet EU Cyber Resilience Act requirements. Manage SBOMs, track vulnerabilities, and generate audit-ready technical documentation.
CRA Compliance Timeline
Key dates you need to know
11 September 2026
Vulnerability reporting via the ENISA Single Reporting Platform begins for all manufacturers. Report actively exploited vulnerabilities within 24 hours.
11 December 2027
Full CRA enforcement for new products. Products already on the market before this date are grandfathered unless substantially modified.
10+ Years
Documentation retention period. Technical files must be kept for the lifetime of the product or at least 10 years.
Does the CRA Apply to Your Product?
Answer 6 simple questions to find out if your product falls under the EU Cyber Resilience Act scope. Get your result in under 2 minutes.
Check NowEverything You Need — SBOMs, Vulnerability Scanning & Technical Documentation
One platform to manage your entire Cyber Resilience Act readiness workflow
CRA Technical File Generation
Manage all CRA-required documents: risk assessments, EU Declaration of Conformity, user documentation, and vulnerability policies.
Product Versioning
Organize products and versions with full traceability. Link artifacts (SBOM, HBOM, VEX), documents, and vulnerabilities to specific releases.
Audit-Ready Export Packages
Generate audit-ready technical file bundles with all required documentation. Ready for regulators and market surveillance.
Compliance in Your CI/CD Pipeline
API-first design with support for automated artifact uploads from your build pipeline. GitHub Actions, GitLab CI, and more.
Role-Specific Workflows
Tailored dashboards for manufacturers (Art. 13), importers (Art. 19), and distributors (Art. 20). Each role gets the workflows that matter to them.
API & Webhooks
REST API and webhook notifications for all platform events. Connect with Jira, Slack, GitHub, or any tool in your workflow.
How It Works
Get audit-ready before December 2027
Set Up Your Organization
Create your workspace, invite your team, classify products by CRA category (Default, Important Class I/Class II, Critical).
Upload Artifacts & Evidence
SBOMs, technical documents, risk assessments, and compliance evidence per product version. Auto-validated against TR-03183.
Scan & Monitor Vulnerabilities
Automated scanning against NVD, GitHub Advisories, and CISA KEV. Production versions rescanned when new CVEs appear.
Generate CRA Audit-Ready Documentation
Annex VII technical files, EU Declarations of Conformity, compliance reports, and ENISA notification templates.
Stay Audit-Ready
10-year retention, full audit trails, and exportable evidence packages for market surveillance authorities.
Register Your Supply Chain
Add manufacturers and their products. Track contacts, EU representatives, and compliance metadata.
Verify Manufacturer Compliance
Step-by-step Article 19 checklist: CE marking, EU DoC, Annex II review, importer ID on product, final sign-off.
Monitor & Act
Reverification triggers when new vulnerabilities appear or review dates approach. Stop-ship decisions when needed.
Add Products to Your Portfolio
Register the connected products you distribute. Upload CE marking evidence and manufacturer documentation.
Complete Due Care Checks
Article 20 checklist: product ID, CE marking, EU declaration, manufacturer contacts, anomaly detection.
Generate Verification Certificates
PDF certificates proving due care compliance. Unique verification numbers, audit-logged, stored for 10 years.
Ready to Get CRA-Ready?
Join companies already preparing for CRA 2027. Start your free trial today.