ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

CRA-CYBER-RESILIENCE-ACT

CRA Cyber Resilience Act compliance regulation modern detailed.

Definition

CRA (Cyber Resilience Act) is EU Regulation 2024/2847 published 20 November 2024 (entry into force 11 December 2024, application 11 December 2027 except reporting obligations 11 September 2026) imposing cybersecurity requirements all products with digital elements (PDEs) placed on EU market (~hardware + software IoT products + apps + games + smart home + industrial + medical devices except already regulated NIS2 + DORA + Medical Devices Reg + aviation + cars), including secure-by-design + secure-by-default + vulnerability handling + 24/7/365 24-hour incident notification + 5 years support coverage minimum. Technical detail + application scope + compliance obligations + non-compliance sanctions + reporting processes + impact on in-scope companies + alignment with adjacent national + international regulations + governance + supervisory authorities + implementation timeline + transitions + case law + industry best practices documentation adoption.

Origin

EU Regulation 2024/2847 CRA published 20 November 2024 ; entry into force 11 December 2024 ; application 11 December 2027 ; reporting obligations 11 September 2026.

Example in context

Smart home device manufacturer Philips Hue sells smart lightbulbs in EU: CRA compliance 2027+ requires (1) Conformity assessment via internal control or notified body (depending product class default standard + critical CRA Annex III), (2) CE marking with cybersecurity assessment, (3) Vulnerability handling + monthly security updates + 5-year minimum support, (4) Actively exploited vulnerability report ENISA within 24 hours discovery + incident report 72 hours, (5) Software Bill of Materials SBOM publication + maintenance.

Last updated: May 16, 2026