European Union Cyber Resilience Act (CRA)

CRA Updates

• OpenSSF CRA Blog
• European Commission CRA Implementation Website
• European Commission FAQ Document - v1
• CRA Experts Group
• OpenSSF Presentations

Stewards Guidance

• The Linux Foundation Leadership CRA Stewards One Pager
• The Linux Foundation CRA Stewards Playbook

Standards

• CRA Standards Map
• Standardization Special Interest Group Updates
• ESOs Overview
• OpenSSF Feedback on Draft Standards

Checklists

• OSS Stewards Obligations Checklist
• PSIRT Obligations Checklist

EU Authorities

• Market Surveillance Authorities (MSA)
• Administrative Cooperation Groups (AdCos)
• Conformity Assessment Bodies
• Market Surveillance (ICSMS)
• Notified Bodies

Additional Links

• ENISA Single Reporting Platform
• CSIRTs Network
• Implementing regulation (EU) 2025/2392: Technical description of the categories of important and critical products with digital elements
• Delegated act on terms and conditions for CSIRTs: Specifies the terms and conditions for applying the cybersecurity-related grounds in relation to delaying the dissemination of notifications

CRA Timeline