Compliance
ENISA's Secure Update Mechanisms Advisory: A CRA Guide
A practical guide to ENISA's Secure Update Mechanisms advisory: the CRA update obligations, 7 threats, the controls that counter them, and a worked example.
Cyber Resilience Act Blog
Analysis and practical guidance on the EU Cyber Resilience Act. Regulation explainers, SBOM tooling, vulnerability workflows, and ENISA reporting, written for manufacturers, importers, and distributors.
Compliance
ENISA Onboards Its First CNAs: What It Means for CRA Article 14
ENISA onboards its first CVE Numbering Authorities: what 4 new CNAs and 7 transfers mean for the CRA Article 14 reporting chain before 11 September 2026.
Compliance
ENISA NCAF 2.0: What the 2026 Update Means for CRA
ENISA's NCAF 2.0 (April 2026) is the first update in six years: three new objectives, 871 maturity questions, and explicit CRA references for governments.
Compliance
ENISA Technology and Innovation Radar: What It Means for CRA
ENISA's April 2026 Technology and Innovation Radar shows how cyber technologies move from recognise to implement. What the scoring means for manufacturers.
Compliance
29 EUCC certs in year one: enough CABs for the CRA?
ENISA reported 29 EUCC certificates and 28 accredited CABs after EUCC's first year. What that capacity means for CRA conformity assessment.
Compliance
CRA Conformity: Lessons from ENISA's EUDI Wallet Scheme
ENISA's first EU cybersecurity certification scheme requires SBOMs, rejects ISO 27001 alone, and puts suppliers in the certification chain. CRA implications.
Stay in the loop
Get notified when we publish new articles about CRA compliance and product security.