The Cyber Resilience Act’s main obligations apply from 11 December 2027, but the hardware decisions that open or close your exposure are being made right now.
Here’s a look at the most interesting products from the past week, featuring releases from ArmorCode, Barracuda , Blue Planet, and more.
Ukraine Joins EU Cybersecurity Reserve, gaining access to emergency EU cyber response services for cyber incidents.
ArmorCode adds CRA compliance capabilities to help organizations manage vulnerabilities, reporting deadlines, and audits.
With the EU's Cyber Resilience Act's 24-hour reporting deadline looming, a new class of AI-powered platforms is emerging to manage this unprecedented co...
ArmorCode, the leader in Unified Exposure Management, today announced new Cyber Resilience Act (CRA) capabilities within the ArmorCode Agentic AI Platform. T...
Organizations are adopting SBOMs ahead of the CRA deadline, bringing software supply chain visibility into development workflows.
The EU Cyber Resilience Act enforcement clock is ticking. Understand CRA vulnerability reporting timelines, product conformity requirements, and how to prepare before September 2026.The post Key deadlines and reporting requirements for the EU Cyber Resilience Act (CRA) appeared first on Blog.
I. Overview The EU Cyber Resilience Act (CRA) is an EU product cybersecurity law for connected products (formally, “products with digital elements” under the CRA) commercialized in the EU; it entered…
EU Cyber Resilience Act compliance reaches a milestone today as the 92-day window to September 11 vulnerability reporting opens. Manufacturers of IoT devices or software in Europe must notify ENISA within 24 hours of detecting active exploitation or face fines up to 15 million euros. A 2026
From 11 September 2026, the EU Cyber Resilience Act (
The EU’s Cyber Resilience Act aims to make hardware and software more secure, and applies to vendors and to end-user organizations.
The Cyber Resilience Act sets new standards for digital product security, aiming to protect businesses and consumers in an increasingly connected world. It addresses compliance, challenges, and the future of cybersecurity.
On 20 January 2026, the European Commission published a proposal on the European Union Agency for Cybersecurity (ENISA), the European cybersecurity certification framework, and ICT supply chain security and repealing Regulation (EU) 2019/881 (the “Cybersecurity Act 2.0.” or “CSA 2.0.”).The proposal goes beyond the remit of cybersecurity as traditionally conceived under EU law. It would have important consequences for 18 critical sectors and their ICT suppliers, with broad implications for international trade and the EU’s relationships with key trading partners. This is the first time the EU is using a mandatory instrument to impose trade restrictions, grounded in geopolitical and national security concerns, affecting critical sectors’ ICT supply chains.The proposal would mandate the EU to identify “key ICT assets” in the supply chain of 18 critical sectors. These assets consist in components, systems, or services whose failure, manipulation, or compromise could significantly impact those sectors. The EU would then be empowered to designate non-EU countries or companies as “high-risk suppliers” and impose trade restrictions against them (including banning them from providing products or services to the EU’s critical sectors) if they generate “non-technical risk.”This article explores the “non-technical” aspects of the proposal and how these measures may affect companies operating in the 18 critical sectors and their suppliers.
OpenSSF warns that 66% of open source practitioners are unready and unaware of the Cyber Resilience Act compliance deadline
"Industry must prepare for the new European regulatory framework that will be compulsory in 2027"
Christopher CRob Robinson of OpenSSF describes soon-to-be-published findings of the 2026 CRA Awareness study.
Products placed on the EU market must comply with the Cyber Resilience Act from 11 December 2027.
The European Central Bank (ECB) is the central bank of the European Union countries which have adopted the euro. Our main task is to maintain price stability in the euro area and so preserve the purchasing power of the single currency.
Essential Privacy and Regulatory Research at Your Fingertips. Find everything you need to stay up-to-date on evolving privacy & security regulations around the world
ACI EUROPE has called for stronger collective cyber security measures across the aviation ecosystem following new AI threat developments.
[100 Pages] The Europe cybersecurity market size is projected to grow from USD 54.77 billion in 2025 to USD 83.14 billion by 2030, at a compound annual growth rate of 8.7%
The Cyber Resilience Act (“CRA”) is the first EU-wide regulation mandating minimum cybersecurity standards for all connected products sold on the internal market. It makes cybersecurity a mandatory product feature, requiring manufacturers to implement “security by design” and maintain robust update and vulnerability management processes throughout a product's lifecycle.
Traficom will oversee the Cyber Resilience Act market surveillance and notified bodies, while AI Act authorities supervise high-risk AI systems.
New BridgerWise Research on the opportunities and constraints facing European cybersecurity startups and scaleups