Free PDF

Every step to get CRA-ready, on one checklist.

A plain-English readiness checklist that walks you through the EU Cyber Resilience Act from “what is this?” to a signed EU Declaration of Conformity. One free PDF with editions for Manufacturers and for Importers/Distributors, so you can follow the steps that apply to your role.

Last updated · 8 Jun 2026

Get the CRA Readiness Checklist, free.

Tell us where to send it and your download will start immediately. One plain-English PDF with editions for Manufacturers and for Importers/Distributors.

No spam. Unsubscribe any time.

What's inside

  • A scope check up front - confirm whether the CRA applies to your product before doing anything else.
  • Security by design and secure by default: what these principles mean in practice and how to document them.
  • SBOM requirements: format, minimum content, where it lives in your technical documentation.
  • Vulnerability handling and your coordinated vulnerability disclosure (CVD) policy and public contact point.
  • Free security update obligations: how long, how to communicate, and what the support period means.
  • CE marking and EU Declaration of Conformity: the steps in the right order.
  • Manufacturer vs Importer/Distributor: the checklist flags which steps apply to each role.
  • Key dates: 11 Sep 2026 (reporting) and 11 Dec 2027 (full application), with what each means for you.
  • The official sources behind each step - EUR-Lex, European Commission, ENISA - so it stays checkable.

Built for your role

Manufacturer edition

For companies that design and build products with digital elements. Covers the full manufacturer duty set: security by design, SBOM, CVD policy, technical documentation (Annex VII), EU Declaration of Conformity, CE marking, and the security update obligation over the support period.

Importer / Distributor edition

For companies that import or resell products already placed on the market. Covers the importer and distributor duty set: due diligence on the manufacturer, checking that documentation and CE marking are in place, and your obligations if a product is found to be non-compliant.

Both editions are in the one PDF, clearly labelled, so you can go straight to the section that applies to you.

Who this is for

Anyone who has been handed “the CRA” and needs to know what to do and in what order. Whether you build connected hardware, develop software sold to EU customers, import smart devices, or manage compliance for a product portfolio, the checklist gives you a structured path and a way to show your progress.