EU CRA enforcement begins 11 September 2026
Manufacturers must be fully compliant — fines of up to €15 million or 2.5% of global turnover.
CRA Compliance
Made Simple
The EU Cyber Resilience Act creates mandatory cybersecurity requirements for all products with digital elements. CRAReady helps manufacturers assess, manage and report — before the deadline.
Time remaining until enforcement
11 September 2026 · Article 14 vulnerability & incident reporting deadline
Core CRA obligations for manufacturers
Platform
Complete Compliance Solution
Four integrated modules covering the full CRA compliance lifecycle.
CRA Assessment
LiveGuided questionnaire to determine if the CRA applies, your product classification (Default / Important / Critical), and your conformity route.
Incident Reporting
Phase 2ENISA-compliant early warning notifications and Article 14 detailed reporting workflows with automated deadline tracking.
SBOM Generation
Phase 3Automated CycloneDX SBOM creation from GitHub repositories or ZIP uploads, with version tracking and diff analysis.
Vulnerability Scanning
Phase 3Continuous scanning against NVD, EUVD, OSV and GitHub Advisory databases with VEX statement generation.
Regulatory Timeline
Key Dates & Deadlines
Article 14 obligations begin — early warning within 24h of exploited vulnerabilities
All in-scope products must meet essential cybersecurity requirements and carry CE marking
Ready to Get CRA Compliant?
Start with our free CRA applicability assessment — no account required. Understand your obligations in under 2 minutes.