Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [open-regulatory-compliance] Fwd: CRA updates - SMEs, reporting platform and FOSS attestations
Thank you for this additional information - has this been stated anywhere publicly?

Thanks,
Dave

On 2/13/26 12:04 PM, Steffen Zimmermann via open-regulatory-compliance wrote:
Dear all,

Most interesting point is about the Single Reporting Platform. After talking with ENISA, is is clear that in September we will only have a web dashboard secured with the EU Login where manufacturers (or others) can report vulnerabilities manually via a standardized form.

An API is under construction but will not be ready before 2027.
Anyhow, the good news is that there will only be one reporting system, not many. So, no national portals for reporting vulnerabilities. This will be handled by the SRP.

Viele Grüße,

 

Steffen Zimmermann

Industrial Security @ VDMA

 

 

 

Von: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> im Auftrag von Juan Rico via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx>
Datum: Freitag, 13. Februar 2026 um 17:51
An: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Juan Rico <juan.rico@xxxxxxxxxxxxxxxxxxxxxx>
Betreff: [open-regulatory-compliance] Fwd: CRA updates - SMEs, reporting platform and FOSS attestations

Dear ORC Community,

find below the email sent to the CRA Network by the European Commission. It includes very useful information for SMEs and the single reporting platform, as well as the link to the survey shared few days ago by our colleagues of FSFE.

Have a great weekend,
Juan

---------- Forwarded message ---------
From: CNECT-CRA@xxxxxxxxxxxx <CNECT-CRA@xxxxxxxxxxxx>
Date: Fri, 13 Feb 2026 at 17:45
Subject: CRA updates - SMEs, reporting platform and FOSS attestations
To: CNECT-CRA@xxxxxxxxxxxx <CNECT-CRA@xxxxxxxxxxxx>


Dear CRA Network,

 

Please find below some updates that may be of interest in relation to the implementation of the Cyber Resilience Act (CRA).

 

ENISA SME Cyber Resilience Act Survey

A few days ago, ENISA launched a survey for SMEs with the aim to understand the overall level of CRA awareness amongst SMEs, how ready and mature they feel for it, and what kind of support they would find most useful. The results will provide input to ENISA and the Commission on measures to best support SMEs in their CRA implementation efforts. Please participate in the survey where relevant and / or share it with you contacts!

https://ec.europa.eu/eusurvey/runner/CRASMESurvey

 

ENISA CRA SRP

Under the CRA, ENISA is responsible for establishing and operating the CRA Single Reporting Platform. Today, ENISA launched a new webpage with frequently asked questions on reporting obligations and the development of the Single Reporting Platform.

Single Reporting Platform (SRP) | ENISA

 

Survey on voluntary attestations for free and open-source software

The German Federal Office for Information Security (BSI) and the Free Software Foundation Europe (FSFE) have put together a survey to gather input on how voluntary security attestation programmes for open-source software could work under Article 25 of the Cyber Resilience Act. The survey is open until 28 February.

CRA Article 25 — Attestation for Open-Source Software

 

We take the occasion to wish you a pleasant weekend.

 

Best wishes,
CRA Team


_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org

Back to the top