Everything you need to
understand and comply with the CRA
Free guides, interactive tools and practical resources for manufacturers of connected products subject to the Cyber Resilience Act.
Documents to download
CRA Compliance Checklist
20 obligations to verify before December 2027. With priority levels and implementation times.
Download PDFCRA Glossary — 40 defined terms
SBOM, VEX, PSIRT, CVD, EPSS — all technical and regulatory terms defined clearly.
Download PDFFAQ — 20 questions on the CRA
Scope, mandatory SBOM, notification deadlines, sanctions, product classes.
Read the FAQWhat is the Cyber Resilience Act?
Complete guide: definition, 3 product classes, 5 key obligations, 2026-2027 timeline.
Read the guideEvaluate your situation
CRA Maturity Simulator
Personalised score on 5 axes: SBOM, CVE, PSIRT, documentation, notification. Result in 10 minutes.
Use the simulator →Non-compliance Cost Calculator
Estimate your potential CRA fine according to your product class and turnover.
Calculate my exposure →Interactive CRA Timeline
All key dates from 2024 to 2027. Filter by obligation type and product class.
See the timeline →CRA Class Quiz
Determine the CRA class of your product in 5 questions.
Take the quiz →Interactive CRA Checklist
20 obligations with real-time score. Track your progress obligation by obligation.
Start the checklist →CVD Policy Generator
Create your Coordinated Vulnerability Disclosure policy in 3 minutes.
Generate my policy →VAST automates these obligations for you
SBOM, CVE monitoring, VEX generation, PSIRT notifications — automatically.