EU Cyber Resilience Act (CRA): The 2026/2027 Compliance Guide

EU Regulation 2024/2847 sets cybersecurity requirements for products with digital elements. Here's what you need to know.

Whitepaper

CRA compliance for manufacturers

Read online or download the PDF. No registration required.

Read online Download PDF

CRA compliance topics

From what the CRA is to how to file vulnerability reports, each cluster links to deep-dive articles indexed by article number.

CRA Overview

Learn what the EU Cyber Resilience Act is, who must comply, and how the manufacturer, importer, and distributor roles split the obligation set.

Learn more →

SBOM

Learn how to build, exchange, and govern Software Bills of Materials in CycloneDX or SPDX so they meet CRA requirements before the December 2027 deadline.

Learn more →

Conformity and documentation

Classify your product, pick the right conformity assessment module, build your CRA technical documentation, and issue the EU Declaration of Conformity.

Learn more →

Vulnerability handling and reporting

Build a vulnerability handling program and reporting flow for actively exploited vulnerabilities and severe incidents.

Learn more →

Support period and security updates

Set clear support-period dates, publish the end-of-support date, and deliver free security updates throughout the product lifetime.

Learn more →

Explore more CRA articles

Every article in the CRA compliance guide, grouped by topic cluster.

CRA Overview

SBOM

Conformity and documentation

Vulnerability handling and reporting

Support period and security updates

Related: CRA and the EU Machinery Regulation.

Start preparing now

December 2027 is closer than it looks. Get your products and documentation ready.

Start 14-Day Free Trial See the platform Book a free CRA roadmap call
See how we work with teams See how the CRA Evidence platform helps with compliance Read the latest CRA compliance articles