監管截止日期
歐盟網路韌性法案下的關鍵日期。
CRA enters into force
Regulation (EU) 2024/2847 published in the Official Journal and enters into force. The clock starts.
Vulnerability reporting & notification obligations (Art. 14)
Manufacturers must report actively exploited vulnerabilities and severe incidents to ENISA: 24-hour early warning, 72-hour notification, 14-day final report. The ENISA single reporting platform must be operational by this date.
Conformity assessment body notification obligations
Obligations relating to notification of conformity assessment bodies apply. Relevant for manufacturers requiring third-party conformity assessment (Important Class II, Critical products).
Full regulation applies
All CRA obligations apply to all in-scope products with digital elements. All tools, assessment workflows, documentation, and vulnerability-handling processes must be in place.