Regulus

CRA Scope
Join Now

EU Cyber Resilience Act 🇪🇺 Compliance Software

Prepare your digital product for the EU Cyber Resilience Act with our Cyber Resilience Act Compliance Software. Identify applicability, classify your product, map requirements and generate the documentation you need to meet 2025–2027 deadlines.

Join Early Access — Save 20%

    By submitting this form, you accept our Terms and acknowledge that Regulus will process your data to provide Early Access updates. For more details, see our Privacy Policy.

    CRA Compilance Software image

    The Cyber Resilience Act will impact every digital product in the EU

    The EU Cyber Resilience Act introduces mandatory cybersecurity requirements for any product with digital elements placed on the European market.
    Manufacturers, importers and distributors of software, firmware, embedded systems and IoT devices must understand applicability, classification, technical documentation and vulnerability-handling obligations.

    If you are planning your CRA strategy, read our Cyber Resilience Act compliance roadmap 2025–2027.

    EU flag


    For additional background, you can read the official EU CRA page at the European Commission website.

    A unified Cyber Resilience Act compliance platform

    Regulus brings together the information, structure and documentation you need to prepare for the CRA — without relying on manual spreadsheets or costly consulting engagements.

    CRA Applicability Checker icon

    CRA Applicability Checker

    Identify whether the Cyber Resilience Act applies to your digital product and understand the factors that determine scope.

    Product Classification icon

    Product Classification

    Determine whether your product falls under Default or Critical Class and clarify the obligations tied to your supply-chain role.

    Requirements Matrix icon

    Requirements Matrix

    Generate a complete list of CRA-aligned obligations based on your product profile, including security, updates and documentation needs.

    Documentation Templates icon

    Documentation Templates

    Access the core technical files required under the CRA and structure the information needed for Annex II and Annex VII.

    Vulnerability Management icon

    Vulnerability Management

    Understand the vulnerability handling and reporting workflow defined by the CRA, from detection to coordinated disclosure.

    Roadmap 2025–2027 icon

    Roadmap 2025–2027

    Follow a clear, actionable timeline that outlines the steps required to prepare your product for upcoming CRA deadlines.

    Cyber Resilience Act compliance in days — not weeks

    1.
    CRA Applicability Assessment

    Identify applicability, product class and supply-chain role using a guided CRA workflow.

    2.
    Requirements Mapping

    Get a tailored matrix of CRA obligations, including security requirements, updates, documentation and post-market surveillance.

    3.
    Compliance Plan

    Follow a practical roadmap with documentation templates, evidence structure and recommended next steps for your team.

    EU CRA Software

    Simple, transparent pricing

    Basic

    1500 €

    CRA applicability, classification and exportable report.

    Start Now

    Pro

    5500/year

    Full compliance roadmap, documentation and updates.

    Start Now

    Enterprise

    Custom

    Multi-product support and dedicated compliance workspace.

    Start Now

    Lastest articles

    CRA Compliance

    CRA Requirements

    CRA Documentation

    Start your Cyber Resilience Act compliance today

    Get clarity, reduce cost and prepare your digital product for EU regulatory deadlines. Regulus is a Cyber Resilience Act Compliance Software platform designed for digital product teams preparing for CRA requirements.

    Start your CRA assessment

    FAQs

    What products fall under the Cyber Resilience Act?

    Any product with digital elements placed on the EU market may fall under the CRA, including software, firmware, embedded systems, IoT devices and connected hardware.

    Does the CRA apply to cloud-only or SaaS-only products?

    Pure SaaS products without distributed components are generally outside the CRA scope. Products with installable software, firmware or connected hardware are typically included.

    Who is responsible for CRA compliance?

    Manufacturers have the main responsibility, but importers and distributors must also verify conformity and ensure compliant products reach the EU market.

    What documentation does the CRA require?

    The CRA requires technical documentation aligned with Annex II and Annex VII, including security measures, update processes, vulnerability handling and product information.

    What are the CRA deadlines?

    Core obligations enter into force gradually from 2025 to 2027. Companies must understand applicability, classification and documentation requirements ahead of these deadlines.

    Regulus Logo
    Powered by  GDPR Cookie Compliance
    Privacy Overview

    This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.