The European Commission has launched a new website dedicated to the Cyber Resilience Act (CRA), giving everyone a clear, central place to understand what the regulation requires, how it will be implemented, and what support is available to prepare for compliance.
VISIT THE WEBSITE
The website was unveiled on 3 December during the CRAzy About Product Cybersecurity: From Compliance to Confidence, where CYBERSTAND.eu contributed to the session on making the CRA work for SMEs. This new website matters because it brings together, in one place, everything manufacturers, software developers, distributors, SMEs and public authorities need to navigate the CRA. Until now, information was scattered across legal texts, guidance documents and standardisation updates. The new portal solves that problem by offering a structured, practical roadmap through each phase of the regulation: objectives, obligations, timelines, standards, reporting, conformity assessment and support tools.
The event where the website was launched focused on exactly this need for clarity. EU Commission experts and stakeholders broke down the CRA’s scope, its horizontal cybersecurity requirements for all products with digital elements, and what these rules mean as Europe moves through the three-year transition period. The event also highlighted how standardisation work will turn the CRA into something manufacturers and developers can operationalise, and how cooperation between institutions, industry and Member States will guide a smooth implementation.
CYBERSTAND.eu played an active role in the session dedicated to SMEs. The Project coordinator Nicolas Ferguson presented how CYBERSTAND.eu is helping SMEs understand their new obligations and prepare early. He outlined the project’s expert community, workshops and training events designed to make CRA compliance achievable rather than overwhelming. This contribution aligns naturally with the new Commission website, which dedicates a full section to SMEs and the support ecosystem available to them.
The site offers a clear structure built around the main actors involved in the CRA and the mechanisms required to implement it:
- Manufacturers: What changes in product design, development, updates and vulnerability handling.
- Member States: Market surveillance responsibilities.
- SMEs and start-ups: Funding and tools to support compliance.
- Open-source community: How open-source contributors fit into the CRA ecosystem.
- Standardisation: How European and international standards will support CRA requirements.
- Reporting obligations: How the Single Reporting Platform will work.
- Conformity assessment: What economic operators must demonstrate and how.
- FAQ, summaries and legal essentials: Plain-language explanations of the CRA, timelines, and key documents.
The Manufacturers section also includes the growing collection of CRA National Guides, offering country-specific explanations of how each Member State is organising market surveillance, conformity assessment procedures and national points of contact. These guides give companies a practical way to understand local expectations while staying aligned with the EU-wide framework.
The SMEs section also highlights CYBERSTAND.eu and other EU-funded initiatives that form the newly established CRA Cluster of Projects. These projects are referenced as key support mechanisms providing both financial and technical assistance to SMEs, helping smaller companies build the capabilities they need to comply with the CRA without disproportionate effort.
Every organisation developing, selling, distributing or integrating products with digital elements in the EU should start using this resource. The site answers the practical questions every organisation has:
What do we need to do? By when? Which standards apply? How do we prepare? What tools exist to support us? It also gives policymakers, researchers and consumer-facing organisations a transparent view of how the CRA is being rolled out.
The site’s dedicated pages on standardisation and SME support directly link to the mission of CYBERSTAND.eu. The project is highlighted on the Commission’s standardisation page as an initiative that empowers European stakeholders to participate in CRA-related standards and conformity processes. This is an important recognition. Read the newly launched CRA website to understand what the regulation means for your organisation and what steps you need to take next. Doing so will help you navigate the transition period with confidence, prepare for future obligations, and contribute to a stronger, more secure digital ecosystem across Europe.
VISIT THE WEBSITE