Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [open-regulatory-compliance] Fwd: CRA updates - SMEs, reporting platform and FOSS attestations 
Hi Steffen,

yes, right. Because who needs an API in 2026.
The original tender also said this should be open-source, oh well....

Have a great weekend everyone,
Lars


On Fri, Feb 13, 2026 at 6:04 PM Steffen Zimmermann via
open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx>
wrote:
>
> Dear all,
>
> Most interesting point is about the Single Reporting Platform. After talking with ENISA, is is clear that in September we will only have a web dashboard secured with the EU Login where manufacturers (or others) can report vulnerabilities manually via a standardized form.
>
> An API is under construction but will not be ready before 2027.
> Anyhow, the good news is that there will only be one reporting system, not many. So, no national portals for reporting vulnerabilities. This will be handled by the SRP.
>
> Viele Grüße,
>
>
>
> Steffen Zimmermann
>
> Industrial Security @ VDMA
>
>
>
>
>
>
>
> Von: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> im Auftrag von Juan Rico via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx>
> Datum: Freitag, 13. Februar 2026 um 17:51
> An: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
> Cc: Juan Rico <juan.rico@xxxxxxxxxxxxxxxxxxxxxx>
> Betreff: [open-regulatory-compliance] Fwd: CRA updates - SMEs, reporting platform and FOSS attestations
>
> Dear ORC Community,
>
> find below the email sent to the CRA Network by the European Commission. It includes very useful information for SMEs and the single reporting platform, as well as the link to the survey shared few days ago by our colleagues of FSFE.
>
> Have a great weekend,
> Juan
>
> ---------- Forwarded message ---------
> From: CNECT-CRA@xxxxxxxxxxxx <CNECT-CRA@xxxxxxxxxxxx>
> Date: Fri, 13 Feb 2026 at 17:45
> Subject: CRA updates - SMEs, reporting platform and FOSS attestations
> To: CNECT-CRA@xxxxxxxxxxxx <CNECT-CRA@xxxxxxxxxxxx>
>
>
> Dear CRA Network,
>
>
>
> Please find below some updates that may be of interest in relation to the implementation of the Cyber Resilience Act (CRA).
>
>
>
> ENISA SME Cyber Resilience Act Survey
>
> A few days ago, ENISA launched a survey for SMEs with the aim to understand the overall level of CRA awareness amongst SMEs, how ready and mature they feel for it, and what kind of support they would find most useful. The results will provide input to ENISA and the Commission on measures to best support SMEs in their CRA implementation efforts. Please participate in the survey where relevant and / or share it with you contacts!
>
> https://ec.europa.eu/eusurvey/runner/CRASMESurvey
>
>
>
> ENISA CRA SRP
>
> Under the CRA, ENISA is responsible for establishing and operating the CRA Single Reporting Platform. Today, ENISA launched a new webpage with frequently asked questions on reporting obligations and the development of the Single Reporting Platform.
>
> Single Reporting Platform (SRP) | ENISA
>
>
>
> Survey on voluntary attestations for free and open-source software
>
> The German Federal Office for Information Security (BSI) and the Free Software Foundation Europe (FSFE) have put together a survey to gather input on how voluntary security attestation programmes for open-source software could work under Article 25 of the Cyber Resilience Act. The survey is open until 28 February.
>
> CRA Article 25 — Attestation for Open-Source Software
>
>
>
> We take the occasion to wish you a pleasant weekend.
>
>
>
> Best wishes,
> CRA Team
>
> _______________________________________________
> open-regulatory-compliance mailing list
> open-regulatory-compliance@xxxxxxxxxxx
> To unsubscribe from this list, visit https://accounts.eclipse.org

Back to the top