Compliance
ENISA Onboards Its First CNAs: What It Means for CRA Article 14
ENISA onboards its first CVE Numbering Authorities: what 4 new CNAs and 7 transfers mean for the CRA Article 14 reporting chain before 11 September 2026.
Cyber Resilience Act Blog
Analysis and practical guidance on the EU Cyber Resilience Act. Regulation explainers, SBOM tooling, vulnerability workflows, and ENISA reporting, written for manufacturers, importers, and distributors.
Compliance
ENISA Technology and Innovation Radar: What It Means for CRA
ENISA's April 2026 Technology and Innovation Radar shows how cyber technologies move from recognise to implement. What the scoring means for manufacturers.
Compliance
ENISA NCAF 2.0: What the 2026 Update Means for CRA
ENISA's NCAF 2.0 (April 2026) is the first update in six years: three new objectives, 871 maturity questions, and explicit CRA references for governments.
Compliance
29 EUCC certs in year one: enough CABs for the CRA?
ENISA reported 29 EUCC certificates and 28 accredited CABs after EUCC's first year. What that capacity means for CRA conformity assessment.
Compliance
CRA Conformity: Lessons from ENISA's EUDI Wallet Scheme
ENISA's first EU cybersecurity certification scheme requires SBOMs, rejects ISO 27001 alone, and puts suppliers in the certification chain. CRA implications.
Compliance
CRA Commission Guidance: What the March 2026 Draft Means
The Commission's draft CRA guidance (Ares(2026)2319816): 9 key rulings on SaaS scope, legacy products, open source, and reporting obligations, explained.
Stay in the loop
Get notified when we publish new articles about CRA compliance and product security.