Are you ready for the CRA reporting duties?
Although most of the CRA applies from 11 December 2027, some articles come into force earlier. For manufacturers, one of the most important is Article 14, which defines their reporting duties. From 11 September 2026, affected manufacturers must report actively exploited vulnerabilities and severe security incidents that affect the security of their products with digital elements. These deadlines are tight, especially for smaller manufacturers:
- Manufacturers must send an early warning without undue delay and within 24 hours at the latest
- Within 72 hours, they must provide further information about the product, the vulnerability or incident, and the measures already taken or planned
- For actively exploited vulnerabilities, a final report must be ready no later than 14 days after a corrective or mitigating measure becomes available. For severe security incidents, it must be ready no later than one month. This report must include, among other things, the description, severity and impact, as well as information about any updates or other measures needed by customers.
The early warning deadline in particular can be difficult for smaller manufacturers. Not every company has people available on weekends to carry out detailed analysis, prepare reports and decide whether a notification is needed. That is why it is important to prepare now, so that no time is lost during this critical phase. A clear view of your products and their security profile, together with a defined process, is essential.
There is also still a lot of uncertainty around many details of the regulation, despite the limited time left. The EU plans to publish additional guidance in time. Even if this guidance is published on schedule, there will not be much time left before the reporting duties take effect.
Supply Warden is being built to help manufacturers track product information, vulnerabilities, measures and reporting deadlines in one place. Join our mailing list if you would like updates on CRA reporting duties, Supply Warden features and practical preparation steps.