Reporting duties from 11 Sep 2026 — countdown running

CRA Reporting Readiness Check

CRA reporting duties apply from 11 Sep 2026 — including products already on the market. Are your 24h processes ready?

The Cyber Resilience Act obliges manufacturers of products with digital elements (including pure software) to report actively exploited vulnerabilities and severe incidents: early warning within 24 hours, notification within 72 hours — via the ENISA reporting platform. This check tests whether your organization can deliver that from 11 Sep 2026. Non-binding first assessment — no legal advice.

approx. 3 minutes10 questionsAs of: 2026-07-04

Non-binding first assessment — no legal advice, no proof of compliance.