Analysis and practical guidance on the EU Cyber Resilience Act. Regulation explainers, SBOM tooling, vulnerability workflows, and ENISA reporting, written for manufacturers, importers, and distributors.
ENISA's ECSMAF v3.0 defines how the EU categorises its cybersecurity market: the supply-side taxonomy, CRA integration, and what it means for manufacturers.
ENISA's Security by Design and Default Playbook (v0.4, 2026) turns CRA rules into 22 practical checklists for SMEs: principles, lifecycle and CRA mapping.
The Commission's draft CRA guidance (Ares(2026)2319816): 9 key rulings on SaaS scope, legacy products, open source, and reporting obligations, explained.
Generate a firmware SBOM using Yocto, Buildroot, EMBA, or Syft. Step-by-step workflows for CRA compliance before the September 2026 ENISA reporting deadline.
Smart security cameras are classified as Important Products (Class I) under CRA Annex III. What this means for manufacturers, importers and distributors.
CSA2 is still a proposal. COM(2026) 11 final would reshape cybersecurity certification, ICT supply chains and ENISA powers.
Get notified when we publish new articles about CRA compliance and product security.
