Cyber Resilience Act readiness

Cyber Resilience Act compliance cockpit for software teams

Aegis SafeForge helps teams assess CRA applicability, classify products, map obligations to existing engineering evidence, and monitor gaps without treating compliance as a one-time checklist.

CRA vulnerability and incident reporting obligations begin on 11 September 2026. Full product obligations apply from 11 December 2027.

From applicability to evidence

The cockpit is designed to connect product intake, classification, obligations, evidence expectations, and reviewer state in one traceable workflow.

  • Applicability and classification walkthrough
  • Obligation calendar by content-package version
  • Evidence coverage and missing-information view

Not another static checklist

Compliance state should change when your product, SBOM, vulnerability posture, or evidence changes. Aegis SafeForge is being shaped around that living loop.

  • Gap snapshots with stale-state indicators
  • SBOM and vulnerability workflow direction
  • Escalation into the ASF engineering workspace

Reviewer accountability

Aegis SafeForge keeps compliance work grounded in human review, source evidence, and traceability rather than unsupported automation claims.

  • Proposal, review, approve, reject, request-info states
  • Audit trail for evidence decisions
  • Export-ready gap reporting direction

Cockpit loop

01

Connect sources

02

Classify product

03

Map obligations

04

Score evidence coverage

05

Track gaps

06

Escalate remediation

CRA self-check

Check likely CRA applicability in 2 minutes

This deterministic self-check uses simple scope rules. The full Aegis SafeForge CRA Cockpit analysis then connects product data, SBOM, evidence, and obligations.

CRA timetable

  • 10 December 2024: CRA entered into force.
  • 11 September 2026: vulnerability and incident reporting obligations begin.
  • 11 December 2027: full application including CE/conformity obligations.

Your role

01

Is the product software, hardware with digital elements, or a connected product?

02

Is it placed on the EU market, supplied to EU customers, or planned for EU release?

03

Is it offered commercially or as part of a business activity?

04

Is it clearly covered by a specific excluded sector regime or purely non-commercial open source?

05

Does it provide security, identity, network, update, access-control, or vulnerability-management functions?

06

Does the product depend on remote processing, cloud services, APIs, or continuous updates?

CRA scorecard

91

Likely CRA-relevant

Check Default or Important Class I

Self-check only, not legal advice and not a conformity guarantee.

Dedicated CRA workflow

Move from self-check to AI-powered CRA gap analysis

The Aegis SafeForge CRA Cockpit performs the detailed analysis with product context, SBOM, evidence, obligations, reporting cases, and ASF handoff.

Request CRA Cockpit
Applicability and classification engine for CRA and AI Act
Versioned obligation calendar with September 2026 reporting focus
Evidence-to-obligation mapping with credit for existing ISO/security work
Living SBOM, vulnerability enrichment, and stale-state detection
24h/72h/14-day/1-month reporting-case workflow
Gap snapshot, scorecard, audit trail, and handoff into the ASF workspace

Frequently asked questions

Does Aegis SafeForge guarantee CRA conformity?

No. Aegis SafeForge supports assessment, evidence mapping, traceability, and review workflows. Final conformity decisions remain with qualified teams, legal advisors, assessors, and notified bodies where required.

What happens if our product classification changes?

The cockpit direction is to keep classification and obligation results tied to versioned content packages and reassessment history, so teams can see when a change affects the gap picture.

How is this different from a CRA checklist?

A checklist records answers. Aegis SafeForge aims to connect answers to product context, evidence, SBOM state, reviewer decisions, and ongoing monitoring.

Aegis SafeForge

Connect compliance work to engineering traceability

View platform