← All features

CRA Compliance

Cyber Resilience Act for Product Companies

Product classification (Default, Important Class I/II, Critical), SBOM tracking, vulnerability reporting workflow, and CE marking readiness. September 2026 deadline for reporting obligations.

What's included

  • Product classification (Default / Important / Critical)
  • Software Bill of Materials (SBOM) tracking
  • Vulnerability reporting workflow
  • CE marking readiness assessment
  • Security update obligation tracking
Fines up to EUR 15M or 2.5% global turnover — reporting obligations from Sept 2026

For manufacturers and distributors of products with digital elements sold in the EU market.

See it in action

Start with a free compliance check and see which features matter most for your business.

Start your free assessment
Free compliance check — find out which EU regulations apply to your business