Cyber Resilience Act Blog

Analysis and practical guidance on the EU Cyber Resilience Act. Regulation explainers, SBOM tooling, vulnerability workflows, and ENISA reporting, written for manufacturers, importers, and distributors.

Country & Market Guides

CRA for Dutch Manufacturers: NCSC, RDI and Rotterdam

Country brief for Dutch manufacturers under the CRA: NCSC reporting, intended RDI market surveillance, RvA accreditation, Warenwet language rule, Rotterdam.

Country & Market Guides

CRA for French Manufacturers: ANSSI, ANFR and CE Marking

Country brief for French manufacturers under the CRA: CERT-FR routing, ANSSI as notifying authority, ANFR for market surveillance, COFRAC accreditation.

Country & Market Guides

CRA for Spanish Manufacturers: INCIBE-CERT, CCN and ENAC

Country brief for Spanish manufacturers under the CRA: likely INCIBE-CERT reporting, the CCN/ENAC notified-body split, Spanish-language duties, and funding.

Compliance

CRA Deadlines 2026 & 2027: What's Due, What's Blocked

May 2026: no Notified Bodies under the Cyber Resilience Act, no harmonized standards, no ENISA platform. Article 14 applies 11 September 2026.

EU Cyber Resilience Act compliance guide Check CRA Applicability Create Free Account

Cyber Resilience Act Blog

CRA for Dutch Manufacturers: NCSC, RDI and Rotterdam

CRA for French Manufacturers: ANSSI, ANFR and CE Marking

CRA for Spanish Manufacturers: INCIBE-CERT, CCN and ENAC

CRA Deadlines 2026 & 2027: What's Due, What's Blocked

Stay in the loop