CRA Reporting Starts in September
The Cyber-Resilience Act (CRA) reporting clock starts on 11 September 2026. From that date, manufacturers must report actively exploited vulnerabilities and severe incidents affecting the security of products with digital elements through the ENISA Single Reporting Platform (SRP) (Commission reporting guidance, ENISA SRP page).
