Skip to main content
Cybersecurity

EU Cyber Resilience Act (CRA): Are You Prepared?

An informational webinar for companies that make and sell products with digital elements in the EU. Non-compliant products can result in financial penalties of up to €15,000,000 and revocation of EU market access.*

Thursday, June 11 | 1 pm ET / 10 am PT | Online

Vulnerability requirements apply on September 11, 2026

CRA is a new piece of regulation that aims to ensure lifetime security and resilience against cyber threats for all products with digital elements. All manufacturers that sell their products in the EU market are responsible for the security of their products throughout their lifecycles, including 3rd-party components, maintenance, documentation, and official assessments.​ Full CRA requirements apply on December 11, 2027.

What you'll learn:

  • Whether your products fall under CRA scope and what that means for your roadmap decisions 

  • The specific obligations your team needs to meet before the September 2026 vulnerability reporting deadline and the December 2027 full compliance enforcement date 

  • How Qt's LTS releases, SBOM generation, and QA tooling map to CRA requirements, so your path to compliance builds on work you've already done

Speaker:

1770926668038

Corey Pendleton

Director, Solutions Engineering, Americas

 
Host:
1580496857123

Rory McGarrigle

Strategic Key Account Manager, Americas

 

 

Save Your Spot:

Register to attend live or receive the recording. 

CRA Timeline

December 10, 2024

CRA Entered Into
Force

First announced in September 2021, the CRA was proposed by the European Commission on 15 September 2022 to complement the existing EU cybersecurity framework, including the NIS and NIS 2 directives, and the EU Cybersecurity Act. Followed by negotiations and a provisional agreement between the co-legislators in 2023, the Council of the EU adopted the Cyber Resilience Act in December 2024.

September 11, 2026

Reporting Requirements Apply

The obligations concerning vulnerability reporting will be applied as of September 11th, 2026 - that's 21 months after the entry into force.

NOTE! This applies to all covered products on the EU market at that date, not just those placed on the market for the first time.

December 11, 2027

Full CRA Requirements Apply

All essential CRA requirements will be implemented over a 36-month transition period. That is, as of December 11th, 2027, all covered products placed on the EU market for the first time must be designed, developed, produced, and maintained in accordance with the essential cybersecurity requirements of the regulation.

* The information contained on this page and this website does not constitute legal advice. It is provided for informational purposes and discussion of the subject matter only. Content is subject to change and The Qt Group does not guarantee the accuracy or currentness of the contents of this page nor is The Qt Group responsible for the content or operation of any external website that these pages link to—or that may link to—these pages. The information contained here is not, and should not be used as, a substitute for legal advice.