Analysis and practical guidance on the EU Cyber Resilience Act. Regulation explainers, SBOM tooling, vulnerability workflows, and ENISA reporting, written for manufacturers, importers, and distributors.
ENISA's ECSMAF v3.0 defines how the EU categorises its cybersecurity market: the supply-side taxonomy, CRA integration, and what it means for manufacturers.
Comparing the EU Cyber Resilience Act with the UK PSTI Act: key differences, where they overlap, and dual-compliance strategies for both markets.
Country brief for Polish manufacturers under the CRA: CSIRT NASK routing, PCA accreditation, KSC overlap, Polish-language duties, and FENG/KPO funding.
Country brief for Italian manufacturers under the CRA: ACN authority, ACCREDIA accreditation, OCSI/EUCC, Italian-language duties, and Transizione 5.0 funding.
Country brief for Dutch manufacturers under the CRA: NCSC reporting, intended RDI market surveillance, RvA accreditation, Warenwet language rule, Rotterdam.
Country brief for French manufacturers under the CRA: CERT-FR routing, ANSSI as notifying authority, ANFR for market surveillance, COFRAC accreditation.
Get notified when we publish new articles about CRA compliance and product security.
