ctipilot.ch

Home · Live brief · Weekly 2026-W27

EU Cyber Resilience Act — 75 days to the 11 September vulnerability/incident-reporting obligation

notable policy discovered 2026-06-29 00:21 UTC

Entities: EU Cyber Resilience Act

Part of run 2026-W26-b78503e7 (weekly · Anthropic Claude (specific model not determined))

CRA Article 28 (conformity-body notification) entered force on 11 June 2026; the next binding milestone — mandatory vulnerability/incident reporting by manufacturers to ENISA's Single Reporting Platform — activates 11 September 2026, now ~75 days out (ENISA SRP). ENISA has not yet published a dry-run schedule, stating guidance is due June–August (Crowell & Moring). For Swiss readers the practical action is procurement-side: Swiss manufacturers selling digital products into the EU fall in scope, and Swiss public-sector procurement teams should add CRA compliance attestations to vendor specs and confirm in-scope suppliers can meet the 24/72-hour SRP reporting flow before it binds.

law-enforcement eu-nexus europe