One post tagged with "vulnerability-handling"

On 3 December 2025, the European Commission published its first Frequently Asked Questions document on the Cyber Resilience Act (CRA). This is the first official implementation guidance since the regulation was published in November 2024, and it provides important clarifications on how manufacturers should approach compliance.

The FAQ is a substantial document covering scope, product classification, manufacturer obligations, vulnerability reporting, conformity assessment, and timelines. For product teams preparing for the December 2027 deadline, Chapters 4 (Manufacturer Obligations) and 5 (Reporting) contain the most actionable guidance.