Regulatory hub
Cyber Resilience Act Hub
Working guidance for teams shipping products with digital elements into the EU market. This hub focuses on implementation clarity and primary source traceability. It is not legal advice.
For release-by-release context, see Regulatory updates.
Primary text: Regulation (EU) 2024/2847 ยท Last reviewed: 2026-04-29
What Is the CRA and Why It Matters
Core scope, legal structure, and milestones (2026 reporting obligations and 2027 full enforcement).
How to Classify Product Scope Under the CRA
Default vs important vs critical categories and what each pathway means for conformity assessment.
Article 14 Reporting: 24h, 72h, and Final Notice
Practical PSIRT workflow for awareness triggers, ENISA notifications, and evidence retention.