Cyber Resilience Act Compliance Blog

Compliance, vulnerability management, and product security for manufacturers, importers, and distributors.

ENISA 2026 European Cybersecurity Certification Conference, 15 April 2026, Ayia Napa

Compliance

European Cybersecurity Certification Conference, 15 Apr 2026

Field notes from ENISA's 15 April 2026 conference: CSA2, the new ECCF, CRA conformity, the CAB capacity gap, EUDI Wallet, and the EU MSS scheme.

Apr 15, 2026

ENISA EUDI Wallet certification scheme and CRA conformity assessment

Compliance

CRA Conformity: Lessons from ENISA's EUDI Wallet Scheme [2026]

ENISA's first EU cybersecurity certification scheme requires SBOMs, rejects ISO 27001 alone, and puts suppliers in the certification chain. CRA implications.

Apr 4, 2026

ENISA ECSMAF v3.0 market framework showing cybersecurity value stacks and CRA compliance connection

Country & Market Guides

ECSMAF v3.0 Explained: How ENISA Maps the EU Cybersecurity Market

ENISA's ECSMAF v3.0 defines how the EU categorises and monitors its cybersecurity market. We break down the supply-side taxonomy, CRA integration, and what it means for manufacturers.

Mar 27, 2026

ENISA Secure by Design and Default Playbook, a practical guide for product teams under the CRA

Vulnerability Management

ENISA's Secure by Design Playbook: What It Means for Product Teams Under the CRA

ENISA's Security by Design and Default Playbook (v0.4, March 2026) gives SMEs 22 practical checklists for CRA compliance. We break down the principles, lifecycle activities, threat modelling process, and CRA mapping.

Mar 20, 2026

Compliance

The CRA Gets Its Instruction Manual: What the Commission Guidance Means for You

The European Commission released draft guidance on the Cyber Resilience Act (Ares(2026)2319816). We break down the 9 key rulings on SaaS scope, legacy products, open source, and reporting obligations.

Mar 3, 2026

Diagram showing firmware SBOM generation pipeline

Compliance

How to Generate a Firmware SBOM: Open Source Tools and Workflows

Generate a firmware SBOM using Yocto, Buildroot, EMBA, or Syft. Step-by-step workflows for CRA compliance before the September 2026 ENISA reporting deadline.

Feb 28, 2026

EU Cyber Resilience Act compliance guide Check CRA Applicability Create Free Account

Cyber Resilience Act Compliance Blog

European Cybersecurity Certification Conference, 15 Apr 2026

CRA Conformity: Lessons from ENISA's EUDI Wallet Scheme [2026]

ECSMAF v3.0 Explained: How ENISA Maps the EU Cybersecurity Market

ENISA's Secure by Design Playbook: What It Means for Product Teams Under the CRA

The CRA Gets Its Instruction Manual: What the Commission Guidance Means for You

How to Generate a Firmware SBOM: Open Source Tools and Workflows

Stay in the loop