[open-regulatory-compliance] Fwd: ENISA call for feedback, Cyberstand an

[Juan Rico <juan.rico@xxxxxxxxxxxxxxxxxxxxxx>]

Dear ORC Community,

find below the message shared by the Commission today. Highlights:

- ENISA open consultation on secure package managers - Link here and open until 23 January 2025

- Cyberstand funding to review Standards - you can review the call and apply for funding by 16 January here.

- CEN-CENELEC webinars on Hardware devices with security boxes -two webinars details in the email below.

Best regards,

Juan

---------- Forwarded message ---------
From: CNECT-CRA@xxxxxxxxxxxx <CNECT-CRA@xxxxxxxxxxxx>
Date: Thu, 18 Dec 2025 at 15:19
Subject: ENISA call for feedback, Cyberstand and CEN-CENELEC webinars
To: CNECT-CRA@xxxxxxxxxxxx <CNECT-CRA@xxxxxxxxxxxx>

Dear CRA Network,

 

Please find below some updates of relevance to CRA implementation and supply chain security more in general.

 

ENISA Call for Feedback: Advancing Software Supply Chain Security together

ENISA published a call for feedback on two draft documents that are not directly related to the implementation of the CRA, but that may be of interest to you and your organisations.

The first is a draft guidance for implementing Software Bill of Materials practices within organisations of varying sizes and capabilities. The second is a draft technical advisory for the secure use of package managers.

The documents, as well as the EU Survey to provide feedback, can be accessed at this link. The call for feedback will remain open until 23 January 2025.

 

Cyberstand funding to review standards

The EU-funded project Cyberstand.eu has launched a specific service procedure to fund experts to review draft European standards to support the CRA that are currently under development.

This funding round is specifically dedicated to reviewing standards from the perspective of SMEs, to identify where the text may create unnecessary burdens for them or where clarity, feasibility, or proportionality can be improved.

You can review the call and apply for funding by 16 January here.

 

CEN-CENELEC webinars on Hardware devices with security boxes

Please also be informed that, as part of its CRA Standards Unlocked series, CEN-CENELC is organising two sessions on the standard related to Hardware Devices with Security Boxes.

 

1. CRA Standards Unlocked: Cybersecurity Requirements for Hardware Devices with Security Boxes

Online — 08 January 2026 | 11:00–12:30 CET

Kick off the year with an essential look at the harmonized standard for Hardware Devices with Security Boxes. Join experts from CEN TC 224 WG 17 as they explain the latest developments and how this work will help you meet the CRA’s cybersecurity requirements in a pragmatic, standards-aligned way.

Register now for this session and get ahead in your CRA planning!

 

2. CRA Standards Unlocked: Deep Dive Session on Cybersecurity Requirements for Hardware Devices with Security Boxes

Online — 22 January 2026 | 13:00–17:00 CET

Take a deeper dive into the draft standard with the project’s rapporteur and technical experts. This extended session offers hands-on insights into the design approach, compliance criteria shaping, and discussion opportunities that go beyond the high-level overview.

Secure your seat — this interactive session is perfect for technical leads, product security teams, SMEs and standards stakeholders.

 

Participation is free of charge, but registration is mandatory. In case of questions related to this webinar, please don’t hesitate to contact CEN-CENELEC via trainings@xxxxxxxxxxxxx.

 

We trust you find this information useful, and please do not hesitate to disseminate it to interested stakeholders.

 

Best wishes,
CRA Team

 

Have you been forwarded this email? Sign up here.

You no longer wish to receive these updates? Please reply to this email and we will delete you from our database.