CRA Compliance Resource Hub

The EU Cyber Resilience Act affects every product with digital elements sold in the EU — from consumer IoT devices to industrial software. This hub organises our guides by compliance domain to help you navigate the regulation systematically.

Understanding the CRA

The CRA (Regulation 2024/2847) introduces mandatory cybersecurity requirements for all products with digital elements. It defines product categories, compliance timelines, and the costs involved. Start here to understand what applies to you.

CRA Product Classification: Is Your Product Default, Important, or Critical?

A practical guide to determining your product's CRA category. Includes decision trees, Annex...

11 分で読む

EU Cyber Resilience Act: Complete Implementation Timeline 2025-2027

A comprehensive guide to CRA enforcement deadlines, what manufacturers need to prepare at each...

10 分で読む

CRA Compliance Cost: How to Budget for Conformity Assessment and Documentation

Practical cost estimation framework for CRA compliance. Covers conformity assessment costs by...

11 分で読む

Technical Compliance Requirements

The CRA mandates specific technical documentation for every product. At the core are Software Bills of Materials (SBOMs) and the Annex VII Technical File — machine-readable inventories of every component in your product, paired with vulnerability tracking.

SBOM Requirements Under the EU Cyber Resilience Act (CRA)

EU CRA SBOM requirements explained: accepted formats, mandatory fields, BSI TR-03183 quality...

6 分で読む

The CRA Technical File: What Goes in Each Section (Annex VII Breakdown)

A section-by-section guide to CRA technical documentation requirements. Includes templates,...

17 分で読む

How to Generate a CRA-Compliant SBOM: Tools, Formats, and CI/CD Integration

A hands-on guide to generating Software Bills of Materials for CRA compliance. Covers...

10 分で読む

HBOM for CRA Compliance: Hardware Bill of Materials Guide

Understanding Hardware Bills of Materials (HBOM) for CRA compliance. Covers what to include,...

11 分で読む

VEX for CRA Compliance: Vulnerability Exploitability eXchange Guide

How to use VEX documents for CRA compliance. Covers VEX formats, status types, integration with...

11 分で読む

Conformity Assessment & Declaration

How to prove compliance depends on your product category. 標準製品 can self-assess (Module A), while important products and critical products need third-party evaluation. Both paths end with an EU Declaration of Conformity and CE marking.

CRA Conformity Assessment: Module A vs B+C vs H Decision Guide

How to choose the right conformity assessment route for your product. Covers self-assessment eligibility, Notified...

15 分で読む

CRA Declaration of Conformity: Template and Step-by-Step Writing Guide

How to write a compliant EU Declaration of Conformity for CRA. Includes ready-to-use template, required elements...

18 分で読む

Vulnerability Management

Active vulnerability handling is a CRA first — manufacturers must implement coordinated vulnerability disclosure, report to ENISA within 24 hours, and maintain security updates for the entire support period.

EUサイバーレジリエンス法：2026年9月の脆弱性報告義務、日本のメーカーが知らない「既存製品にも適用される」という事実

EU...

3 分で読む

Coordinated Vulnerability Disclosure Under CRA: Policy Template and Setup

A practical guide to establishing a CRA-compliant CVD policy. Includes ready-to-use templates,...

12 分で読む

Setting Up security.txt for CRA Compliance: A 10-Minute Guide

A quick, practical guide to implementing security.txt for your products. Includes templates,...

8 分で読む

CRA Support Period Planning: 5 Years of Security Updates (And What That Really Means)

A practical guide to CRA support period obligations. Covers minimum requirements, update...

11 分で読む

CRA End-of-Life Planning: Responsible Product Transitions

How to plan and communicate product end-of-life under CRA. Includes communication templates,...

13 分で読む

Role-Specific Obligations

Your CRA obligations depend on your role in the supply chain. Manufacturers bear the heaviest burden, but importers and distributors have their own verification and due diligence requirements — and roles can escalate.

CRA Importer Obligations: What to Verify Before Placing Products on the EU Market

A practical guide to Article 19 verification requirements for EU importers. Includes checklists,...

10 分で読む

CRA Distributor Checklist: 5 Verification Steps for Every Product

A practical guide to Article 20 obligations for EU distributors. Know what to check before every...

10 分で読む

When Importers Become Manufacturers Under CRA: Role Escalation Explained

A practical guide to CRA Article 22 role escalation. Know when rebranding or modifying products...

12 分で読む

Multi-Role CRA Compliance: When You're Manufacturer, Importer, and Distributor

How to manage CRA obligations when your organization holds multiple economic operator roles....

12 分で読む

White-Label and OEM Products Under CRA: Who's the Manufacturer?

CRA obligations for white-label, OEM, and private-label products. Understand when the brand...

12 分で読む

CRA Supplier Due Diligence: Questionnaire Template and Verification Process

A practical supplier assessment framework for CRA compliance. Includes ready-to-use...

13 分で読む

Standards & Regulatory Alignment

The CRA doesn't exist in isolation — it interacts with existing standards (ISO 27001, IEC 62443, EN 303 645) and other EU regulations (NIS2, MDR). Understanding these overlaps helps you leverage existing compliance work.

CRA vs ISO 27001: How Your ISMS Supports Product Security Compliance

Understanding the relationship between ISO 27001 certification and CRA...

12 分で読む

CRA Compliance for Industrial Automation: IEC 62443 Alignment and OT Security Guide

How the CRA applies to industrial automation and OT products. Covers IEC...

12 分で読む

CRA Compliance for Consumer IoT: EN 303 645 Alignment and Smart Home Security Guide

How the CRA applies to consumer IoT products like smart home devices,...

14 分で読む

German BSI TR-03183: How It Extends CRA SBOM Requirements

Understanding the German BSI Technical Requirement for SBOM quality. A guide...

10 分で読む

CRA and NIS2: Where Cybersecurity Regulations Overlap for Product Companies

Understanding how CRA and NIS2 interact. A practical guide for organizations...

11 分で読む

CRA vs UK PSTI: Compliance Guide for EU and UK Markets

Comparing the EU Cyber Resilience Act with the UK Product Security and...

10 分で読む

CRA vs MDR: Compliance Guide for Medical-Adjacent Products and Digital Health

Understanding where CRA and MDR/IVDR overlap for medical-adjacent products....

11 分で読む

Country-Specific Guides

Each EU member state has its own CSIRT and national coordination body. These guides cover country-specific CRA implementation, local reporting channels, and national cybersecurity agencies.

CRA Compliance for French Manufacturers: ANSSI Coordination and CE Marking Guide

A guide for French manufacturers navigating CRA compliance. Covers ANSSI coordination, French...

9 分で読む

CRA Compliance for Spanish Manufacturers: INCIBE-CERT and Regional Support

A guide for Spanish manufacturers navigating CRA compliance. Covers INCIBE-CERT resources,...

9 分で読む

CRA Compliance for Italian Manufacturers: ACN Coordination and Market Entry Guide

A guide for Italian manufacturers navigating CRA compliance. Covers ACN coordination, CSIRT...

10 分で読む

CRA Compliance for Dutch Manufacturers: NCSC-NL Coordination and Market Entry Guide

A guide for Dutch manufacturers navigating CRA compliance. Covers NCSC-NL coordination, Dutch...

11 分で読む

CRA Compliance for Polish Manufacturers: NASK Coordination and Market Entry Guide

A guide for Polish manufacturers navigating CRA compliance. Covers NASK/CERT Polska...

11 分で読む

Industry-Specific Guidance

Some sectors have unique CRA considerations — from automotive supply chains to startup resource constraints. These guides address industry-specific challenges and enforcement risks.

CRA for Machinery Manufacturers

Dual compliance with the CRA and EU Machinery Regulation for machines with digital elements.

Landing page

CRA Compliance for Automotive Suppliers: UN R155/R156 Alignment and Aftermarket Guide

How the CRA applies to automotive suppliers and aftermarket products. Covers the vehicle...

11 分で読む

CRA Compliance for Startups: Practical Guide for Resource-Constrained Teams

How startups can achieve CRA compliance without breaking the bank. Covers prioritization, lean...

12 分で読む

Are Smart Cameras Important Products Under the EU Cyber Resilience Act?

Smart security cameras are classified as Important Products (Class I) under CRA Annex III. What...

9 分で読む

EU Cybersecurity Act 2: Supply Chain Bans, Certification Overhaul, and What Product Manufacturers Should Watch

On January 20, 2026, the EU proposed replacing the Cybersecurity Act entirely. Here is what...

10 分で読む

CRA Penalties in Practice: What Market Surveillance Actually Looks Like

Understanding CRA enforcement mechanisms, penalty structures, and what to expect from market...

11 分で読む

CRAはあなたの製品に適用されますか？

6つの質問に答えるだけで、あなたの製品がEUサイバーレジリエンス法の適用範囲に該当するかどうかがわかります。2分以内で結果を確認できます。

今すぐ確認

CRAコンプライアンスの達成に向けて

CRA EvidenceでSBOMとコンプライアンス文書の管理を始めましょう。

14日間無料トライアルを開始