Information for Industry
Economic operators must comply with Article 13 of the Cyber Resilience Act. CVD Portal provides the institutional infrastructure to manage these obligations seamlessly.
Manufacturer Obligations under CRA
Under the CRA, manufacturers of digital products are required to implement a vulnerability disclosure policy and provide a single point of technical contact for security researchers.
Article 13 Compliance
Manufacturers must notify ENISA and relevant national authorities of actively exploited vulnerabilities within mandatory timelines (24h/72h).
Strategic Reporting Requirements
- Intake Channel: Secure, standardized portal for receiving technical reports.
- Triage Workflow: Structured process to assess CVSS and potential impact.
- Authority Notification: Automated export of data for EU-wide reporting.