Cyber Resilience Act readiness for products with digital elements — scope, the essential-requirements checklist, conformity evidence, and the Article 14 reporting clock, in one place. Your inputs are saved in this browser.
A quick determination that sets up the rest of the module. The public 60-second version lives at /cra-scope.html.
These populate the technical documentation and the Declaration of Conformity.
Annex I of the CRA. Tick what your product already meets — this drives your readiness score and is reflected in the generated technical file.
Annex I Part II requires a machine-readable SBOM covering at least top-level dependencies. One per line: name version license.
Drafts structured to CRA Annex VII (technical documentation) and Annex V (Declaration of Conformity), reflecting your readiness ticks and SBOM. Templated drafts for review by a qualified person — not legal advice.
Article 14 reporting applies from 11 Sep 2026, via the ENISA Single Reporting Platform. Logging here starts the statutory clock, saves it, and drafts the notification.
Every logged item with its next statutory deadline — the audit trail a market-surveillance authority can ask for. Saved in this browser.
Nothing logged yet.
CleanDesk — CRA module. Generated documents are templated drafts for review, not legal advice. Cadence per CRA Art. 14: 24h early warning · 72h assessment · final report 14 days (vulnerability) or 1 month (incident). References: Regulation (EU) 2024/2847, Annexes I, III, V, VII.