The Cyber Resilience Act 🇪🇺
An independent reference on the obligations the Act places on manufacturers, software developers, importers and distributors; and a structured route towards compliance.
The primary sources, in a readable form
The legal text, its annexes and the official guidance; presented in a clean reading layout, with a plain-language explainer for the parts that need one.
The full text of Regulation (EU) 2024/2847; all 71 articles, navigable by chapter.
→§ 2The CRA; annexesAnnexes I–VIII: essential requirements, product classes and technical documentation.
→§ 3Commission guidanceThe latest official guidance on the Regulation's scope and application.
→§ 4The Act, explainedA plain-language walkthrough of scope, classes and obligations, linked to the articles.
→Obligations differ along the supply chain
Software developers
Secure development, coordinated vulnerability handling and software bill of materials obligations.
Manufacturers
Essential requirements, conformity assessment and the technical documentation expected of producers.
Importers & distributors
Due-diligence duties, CE-marking verification and record-keeping for economic operators.
Tools to work through the Regulation
Provided free of charge to help stakeholders assess their position; they are informational and do not replace formal conformity assessment.
Establish whether the Act applies
A short structured questionnaire that indicates whether a product falls within the scope of the Regulation, and its likely class.
What you bring
- A product to assess
- One minute; no sign-up
What you'll get
- Whether the CRA applies to you
- Your product's likely class
- The obligations that follow