Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [open-regulatory-compliance] Fwd: CRA updates - SMEs, reporting platform and FOSS attestations
  • From: Steffen Zimmermann <steffen.zimmermann@xxxxxxx>
  • Date: Fri, 13 Feb 2026 17:04:10 +0000
  • Accept-language: de-DE, en-US
  • Arc-authentication-results: i=3; mx.microsoft.com 1; spf=pass (sender ip is 52.17.62.50) smtp.rcpttodomain=eclipse-foundation.org smtp.mailfrom=vdma.eu; dmarc=pass (p=quarantine sp=reject pct=100) action=none header.from=vdma.eu; dkim=pass (signature was verified) header.d=vdma.eu; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=vdma.eu] dkim=[1,1,header.d=vdma.eu] dmarc=[1,1,header.from=vdma.eu])
  • Arc-authentication-results: i=2; mx.avanan.net; arc=pass; dkim=none header.d=none
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vdma.eu; dmarc=pass action=none header.from=vdma.eu; dkim=pass header.d=vdma.eu; arc=none
  • Arc-message-signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=B7TLfxZvQfs2oe42o78p9c/NhtUysPRbhG7uo1jI6WY=; b=BTz40+EaPHX2dAEoCEHT4zRKmh9/WdRnE9f+zIipDYuomXTLV1TQ31i0+2CDUOCWw8b0bjGdJrj75cH+onmyQNFwhQqllaaW4x6gg7YDsxa4ArvSdEA0jV4yyCeYSx38cKQQMJd312jguHxYRpXIXY/vQW0MzK/x8QCSejzsem5pfpTesg/tHVrXt9moDRUv7v81me/I+YHhx8Mhjotm6KmMiSrEG0CKDGYM4GzSUOJupBSo5GHDnr1zMJyDSqgd3wbwc7G6UvkKKHhXfkSig/QBPIBi5ORGj/OYptfCqTqhBPW7ArAzB+Ezkwr7UkVqlWtVYI872Pe9SEVjXr3aGA==
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=avanan.net; s=arcselector01; t=1771002264; h=from : to : subject : date : message-id : content-type : mime-version; bh=B7TLfxZvQfs2oe42o78p9c/NhtUysPRbhG7uo1jI6WY=; b=Xt1iUW/gVHV5AK4dOhd3yTh+8287OcBvp1zfxQZpGNOAQmll7jdpGQKxqBb+fjOBeBwyh 0uxCx1QlTmI3eF7CTQhCx1ZsSDeFbgmlq99YGOYOHrdelJRZ3aR6HRJLWsGTfAkzUwcnFl6 zuKiuqg3gwPjq7MiLXU7pMn3MXTcbdU=
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=B7TLfxZvQfs2oe42o78p9c/NhtUysPRbhG7uo1jI6WY=; b=ZHLL7pObIgTqqbfnm3GrXWB0rZYFOgvo1ndkzhKRK10u/K3+Etx7kpnRkg9WCgHj+d1V+xUq9yh4AdAz/DSjxrBEP64yN1/R/3LVJHVklZnvTkeg1dZRPh/78L0EdCjB5IWs8jQ/Ke62e/pfzRgb9hWV05BJtU/+4ktuneP/EZbvPs21adP/ShixmBE37yklQ8tY0lJMv3wrYH4ysW9HMjqXwwjzRrRQGxfGbiRv+oT2F0NsnQQZZmW9vX39ODiT5mwG+ysJNvwendaZ+LfGFzhqmdEq+Dhoh9tzYo2OvkYi+H8+VX6PuMtEuMSGHbcQNBQtz2NfaRHXMERxIo8weg==
  • Arc-seal: i=3; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=nr2GJ7bhHxy99wGmQj7OnS3dbM/uKVrqSqMfSsD4SD3AI4Xk1ZzDH+pklk49RO6GDPBZ3JzK+1csyRsZ4asPn5h17PRTeNqrKEDNyhNuUyXqSqhLY/L+BMvyl7wmJDzOPB4Qne9IPfz8rkMcN0wrz3oUv/KzgCzsPwo2gaRFYQC5SdomR1FfzccwD7thaD0EHySx94bWkHrHUS5aUYhn+gBK1tWh+NXSBdBeiNEmbced+lO98jIewn/+dWrjqsECEfZmBpymbqlbBHpldxdG87slLsObk7f/74lVFB03xNTFaA31aw/pRWfrI/C3hmvl5JBVx5zVm1bFbRQmQsZJUQ==
  • Arc-seal: i=2; cv=pass; a=rsa-sha256; d=avanan.net; s=arcselector01; t=1771002264; b=NasYGAoNPBYp0gAw/XlIS+AuvxHdeGybkC4OaCGCTmOHH3/KmZo7eJiEWNAd0bjN56jRS wPlEEVFI6sJ32QyqBd++HuROUvHsNYifxvPQOIKVrHVXLZn8lcPfjc+KIVq/hC1dx0oqZJK 3CfUG7miyNBCzYOHdD8gQL7RZBgehG4=
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=CRGmw9SfnGjRZv9XNvrWYhIZckfARGo/RJirHAhnmF5XXU2nQgFSbLhqY2616LqTCWTQsiJY3MQmezHSOpggqnnK9kbgapHonwLck+aXicJTrHfi49wEQrqTgzOXPBguMbXQvHbu2T/35tdrASWAqzOALJ/b/YYBJ45y52cgNSb68k1uXkwPDV7GyerF2T8wI7OYdXztIdRXHX4BAxd2i5I1GQZPwfKWDA7LiAYrph2Npc63s9c8DNodIsgxRUTm8rWjauBNsKSpZahEL/zuHLGHu+fLv4tW/3G2ebH0jciU4wdre3FXL2DjLC4QaZAmc7Bh5oKCErZLm0/0dogESw==
  • Delivered-to: open-regulatory-compliance@xxxxxxxxxxx
  • List-archive: <https://www.eclipse.org/mailman/private/open-regulatory-compliance/>
  • List-help: <mailto:open-regulatory-compliance-request@eclipse.org?subject=help>
  • List-subscribe: <https://www.eclipse.org/mailman/listinfo/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=subscribe>
  • List-unsubscribe: <https://www.eclipse.org/mailman/options/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=unsubscribe>
  • Thread-index: AdydCBoThnteVObJStOysGKNFe9JrgAANdaAAABbDdg=
  • Thread-topic: [open-regulatory-compliance] Fwd: CRA updates - SMEs, reporting platform and FOSS attestations
Dear all,

Most interesting point is about the Single Reporting Platform. After talking with ENISA, is is clear that in September we will only have a web dashboard secured with the EU Login where manufacturers (or others) can report vulnerabilities manually via a standardized form.

An API is under construction but will not be ready before 2027.
Anyhow, the good news is that there will only be one reporting system, not many. So, no national portals for reporting vulnerabilities. This will be handled by the SRP.

Viele Grüße,

 

Steffen Zimmermann

Industrial Security @ VDMA

 

 

 

Von: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> im Auftrag von Juan Rico via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx>
Datum: Freitag, 13. Februar 2026 um 17:51
An: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Juan Rico <juan.rico@xxxxxxxxxxxxxxxxxxxxxx>
Betreff: [open-regulatory-compliance] Fwd: CRA updates - SMEs, reporting platform and FOSS attestations

Dear ORC Community,

find below the email sent to the CRA Network by the European Commission. It includes very useful information for SMEs and the single reporting platform, as well as the link to the survey shared few days ago by our colleagues of FSFE.

Have a great weekend,
Juan

---------- Forwarded message ---------
From: CNECT-CRA@xxxxxxxxxxxx <CNECT-CRA@xxxxxxxxxxxx>
Date: Fri, 13 Feb 2026 at 17:45
Subject: CRA updates - SMEs, reporting platform and FOSS attestations
To: CNECT-CRA@xxxxxxxxxxxx <CNECT-CRA@xxxxxxxxxxxx>


Dear CRA Network,

 

Please find below some updates that may be of interest in relation to the implementation of the Cyber Resilience Act (CRA).

 

ENISA SME Cyber Resilience Act Survey

A few days ago, ENISA launched a survey for SMEs with the aim to understand the overall level of CRA awareness amongst SMEs, how ready and mature they feel for it, and what kind of support they would find most useful. The results will provide input to ENISA and the Commission on measures to best support SMEs in their CRA implementation efforts. Please participate in the survey where relevant and / or share it with you contacts!

https://ec.europa.eu/eusurvey/runner/CRASMESurvey

 

ENISA CRA SRP

Under the CRA, ENISA is responsible for establishing and operating the CRA Single Reporting Platform. Today, ENISA launched a new webpage with frequently asked questions on reporting obligations and the development of the Single Reporting Platform.

Single Reporting Platform (SRP) | ENISA

 

Survey on voluntary attestations for free and open-source software

The German Federal Office for Information Security (BSI) and the Free Software Foundation Europe (FSFE) have put together a survey to gather input on how voluntary security attestation programmes for open-source software could work under Article 25 of the Cyber Resilience Act. The survey is open until 28 February.

CRA Article 25 — Attestation for Open-Source Software

 

We take the occasion to wish you a pleasant weekend.

 

Best wishes,
CRA Team

Back to the top