Cyber Resilience Act (CRA)

Jurisdiction
European Union
Region
Europe
Requirement
Required
Organization
European Union
Provision
Annex 1 Sec. 2(5)
Applies to
Manufacturers of software and digitally-enabled devices in the EU Single Market
Date
December 10, 2024
Description

Requires manufacturers to put in place and enforce a policy on coordinated vulnerability disclosure. 

Establish a coordinated vulnerability disclosure policy (CVD).

Full compliance deadline: December 10, 2027 

Early reporting obligations: Some provisions, like vulnerability reporting, may apply earlier, starting 21 months after the CRA enters into force


 

https://www.europarl.europa.eu/doceo/document/TA-9-2024-0130_EN.html#title2