Compliance
CRA vs MDR: Medical-Adjacent Product Compliance
Where CRA stops and MDR/IVDR starts for medical-adjacent products: wellness devices, health apps, telemedicine kit, and products outside the exemption.
Cyber Resilience Act Blog
Analysis and practical guidance on the EU Cyber Resilience Act. Regulation explainers, SBOM tooling, vulnerability workflows, and ENISA reporting, written for manufacturers, importers, and distributors.
Compliance
CRA for Consumer IoT: EN 303 645 and Smart Home Security
How the CRA applies to consumer IoT: default-category duties; Annex III Class I for smart-home security, social/tracking toys and health/children's wearables.
Compliance
CRA for Industrial Automation: IEC 62443 and OT Security
How the CRA applies to industrial automation and OT: IEC 62443 alignment, why most PLCs and SCADA are default-category, and what raises the class.
Compliance
CRA Deadlines 2026 & 2027: What's Due, What's Blocked
May 2026: no Notified Bodies under the Cyber Resilience Act, no harmonized standards, no ENISA platform. Article 14 applies 11 September 2026.
Stay in the loop
Get notified when we publish new articles about CRA compliance and product security.