CRA Compliance Hub

繁中

EN 中文日本語 한국어 DE FR ES IT 繁中 NL PL

來源文件

本站所有義務、情境和工具輸出均可追溯至這些官方來源。

法規

標題	CELEX / ELI	狀態	版本日期
Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements (Cyber Resilience Act) Entered into force 11 December 2024. Full application 11 December 2027. Art. 14 vulnerability reporting applies from 11 September 2026.	32024R2847	In force	2024-11-20
Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS2)	32022L2555	In force	2022-12-27
Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR)	32016R0679	In force	2016-05-04
Regulation (EU) 2024/1689 — Artificial Intelligence Act Crosswalk relevant for AI-containing PDEs classified as high-risk AI systems.	32024R1689	In force	2024-07-12

附件

標題	CELEX / ELI	狀態	版本日期
CRA Annex I — Essential cybersecurity requirements Part I: security properties. Part II: vulnerability handling.	32024R2847	In force	2024-11-20
CRA Annex II — Information and instructions to the user	32024R2847	In force	2024-11-20
CRA Annex III — Important products with digital elements (Class I and Class II)	32024R2847	In force	2024-11-20
CRA Annex IV — Critical products with digital elements	32024R2847	In force	2024-11-20
CRA Annex V — EU Declaration of Conformity	32024R2847	In force	2024-11-20
CRA Annex VI — Conformity assessment procedures Modules A (internal control), B+C (EU type-examination), H (full quality assurance).	32024R2847	In force	2024-11-20
CRA Annex VII — Technical documentation	32024R2847	In force	2024-11-20
CRA Annex VIII — Information for conformity assessment bodies	32024R2847	In force	2024-11-20

委員會指導意見

標題	CELEX / ELI	狀態	版本日期
Commission Communication — Guidance on the application of Regulation (EU) 2024/2847 (Cyber Resilience Act) Ares(2026)2319816. Non-binding draft guidance (~70 pages). Not yet adopted. Content tagged with status: draft-guidance in the rules engine until final adoption. Key sections: §3 commercial activity, §6 product classification, §8 RDPS test, substantial modification framework.		Draft	2026-03-01
ENISA — Cyber Resilience Act: Guidance for Manufacturers ENISA landing page; links to individual guidance documents. Hash-watched daily.		In force
ENISA — Single Reporting Platform for CRA Art. 14 vulnerability and incident reports Reporting platform information; URL subject to change as platform is built out.		In force
The 'Blue Guide' on the implementation of EU product rules 2022 OJ C 247, 29.6.2022. Defines placing on the market, economic operators, conformity assessment, CE marking; all concepts carried into CRA.		In force	2022-06-29

協調標準

標題	CELEX / ELI	狀態	版本日期
EN 18031-1 — Common criteria for radio equipment cybersecurity (Part 1: general requirements) CEN-CENELEC. Harmonised standard under RED; relevant crosswalk to CRA Annex I.		In force
EN 18031-2 — Common criteria for radio equipment cybersecurity (Part 2: internet-connected equipment)		In force
EN 18031-3 — Common criteria for radio equipment cybersecurity (Part 3: equipment processing personal data)		In force
IEC 62443-4-1 — Security for industrial automation and control systems: Secure product development lifecycle requirements Relevant to CRA Annex I Part I secure development requirements.		In force	2018-01-01
IEC 62443-4-2 — Security for industrial automation and control systems: Technical security requirements for IACS components		In force	2019-02-01
ETSI EN 303 645 — Cyber Security for Consumer Internet of Things: Baseline Requirements Baseline IoT security standard; relevant crosswalk to CRA Annex I.		In force	2020-06-01

相關法規和法案

標題	CELEX / ELI	狀態	版本日期
Commission Delegated Regulation (EU) 2022/30 supplementing RED Directive with regard to cybersecurity Art. 3(3)(d)(e)(f) RED cybersecurity requirements. For some radio products, CRA takes precedence; crosswalk documented in Phase 14.	32022R0030	In force	2022-01-29

Source documents — CRA 合規中心