CRA Articles
Plain-language guides to key Cyber Resilience Act obligations.
CRA Article 13: Security Updates
Manufacturers must provide security updates for products with digital elements for a defined support period.
CRA Article 14: Active Vulnerability Reporting
Manufacturers must notify ENISA within 24 hours (early warning) and submit a detailed notification within 72 hours of becoming aware of active exploitation.
CRA Article 15: Coordinated Vulnerability Disclosure
Manufacturers must handle vulnerability reports from third parties and coordinate disclosure with ENISA.